Tackling the Cybersecurity Talent Gap: 4 Tips for Employers

December 6, 2021

While the cybersecurity industry is growing fast, it faces a massive shortage of talent. In this article, Lisa Plaggemier, interim executive director, National Cyber Security Alliance provides few tactics for organizations to inspire individuals toward a career in cybersecurity.

Few industries are growing faster than cybersecurity. However, for the amount of buzz around the space, one major issue continues to plague it: a dearth of talent.

According to the (ISC)2 Cybersecurity Workforce Study for 2020[1]Opens a new window , the cybersecurity industry is facing an extreme shortage of talent, needing approximately 3 million qualified professionals. Pair this with the fact that the category is set to experience a compound annual growth rate of 10.9% from 2021 to 2028[2]Opens a new window , and it is no surprise that businesses are scrambling to find ways to fill the talent pipeline.

With that in mind, and with Cybersecurity Awareness Month underway, here are a few tactics for organizations to help inspire and drive individuals toward a career in cybersecurity.

1. Prioritize Diversity

Beyond the shortage of talent in general, the cybersecurity industry also suffers from a severe lack of diversity within its workforce. For example, in 2019, women only accounted for 20% of the global cybersecurity workforce, according to Cybersecurity Ventures[3]Opens a new window . Additionally, per (ISC)2’s Cybersecurity Workforce Study for 2020, only 51% of cyber workers say they “perceive the percentage of women in the field to have risen over the last five years.” Moreover, only 12% of black professionals worked as information security analysts in 2020, according to the U.S. Bureau of Labor Statistics[4]Opens a new window , highlighting there’s significant underrepresentation within the industry. And, as there’s clear room for improvement, this needs to change.

Inclusion and diversity (I&D) should be a priority for all organizations, not just because it is the right thing to do but also because inherent workplace inclusivity offers more diverse thinking and solutions. 

For example, think of the ‘Code Talkers’[5]Opens a new window from WWII. The use of Native Americans to send secret communications during World War II changed the trajectory of the war. It is that type of diverse thinking and solutions that can help increase the success of cybersecurity tactics used today. New solutions born from new perspectives and different ways of looking at problems take critical thinking skills from all types of individuals, whether they’re in leadership positions, entry-level or engineers. 

See More: Building Bridges Across the Enterprise: How To Manage a Less Compliant, Riskier Workforce

2. Dispell the Myths

If you were to survey people at random about the prerequisites for a career in cybersecurity, you would likely expect to hear the following: a love of math, science or coding, or a love of all three. However, the truth is that the cybersecurity industry depends on a variety of skill sets, not just STEM.

From training to coding, there are so many different career paths that individuals can pursue within the cybersecurity sector, many of which don’t require a passion for STEM at all. To be a “good” cybersecurity employee, you really only need a handful of qualities: an interest in problem-solving, a willingness to learn, and a desire to help create a more secure digital world. The industry needs to do a better job of dispelling the STEM-driven myths that surround it. And there are some really simple ways to do that. For example, employers can engage in “open office” days where they invite local students to come in for information sessions with their team members. Or, they can turn their inside expertise into resource libraries and tools for potential job seekers that live directly on their websites. These initiatives can go a long way in humanizing and democratizing cybersecurity, making it far more appealing to job seekers.

3. Expand the Concept of Internships To Include Apprenticeships

Many companies spend an enormous amount of effort and resources to bolster their internship program through university recruiting. The strategy to obtain new talent can foster a non-inclusive approach to hiring. If you take into account that the pool of eligible university students targeted may not reflect a diverse pool of job seekers, it’s important to expand the recruiting approach to finding new talent by offering apprenticeships alongside internships.

With this approach, students pursuing education through training or a certification program can obtain the necessary experience as they pursue their education. There are many programs that focus on the skills needed for roles in cybersecurity without the added courses that accompany the traditional university curriculum and price tag.

See More: What’s Your Disaster Recovery Plan To Fight Ransomware Attack?

4. Turn To Existing Talent

Beyond dispelling external misperceptions about cybersecurity as a career, employers should look to do the same within their organizations. Employers invest massive amounts of time and energy into recruiting efforts to make sure they have the best employees possible. So why not offer existing employees the opportunity to shift into a cybersecurity career track?

Doing this not only helps companies revamp their training infrastructure but also allows organizations to provide existing employees with new opportunities for growth. Moreover, given the affordability of these retraining programs, employers have the opportunity to provide valuable expertise and training to individuals with no cost barriers, thus greatly improving access to these skills. As shown by the shortage in the qualified talent pipeline, finding the right talent to fill cybersecurity is proving to be a foremost hurdle for the cybersecurity industry. And individuals already under your roof may be best suited to take on this new task.

For the cybersecurity industry to reach its full potential, it must start closing its talent gap and quickly, which can start with employers themselves. With creative thinking and expanding options, employers can reach untapped reservoirs of talent and begin to fill their pipelines with the next great crop of cybersecurity professionals that our industry needs.

Did you find this article helpful? Tell us what you think on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d be thrilled to hear from you.

Lisa Plaggemier
Lisa Plaggemier

Interim Executive Director, National Cyber Security Alliance

Lisa Plaggemier is Interim Executive Director at the National Cyber Security Alliance. Lisa is a trailblazer in security awareness and education, and is a prominent security influencer with a proven track record of engaging and empowering businesses and their employees to protect themselves and their data. Lisa has held executive roles with the Ford Motor Company, CDK Global, InfoSec and MediaPRO, and is a frequent speaker at major events including RSA, Gartner and SANS. She is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
Take me to Community
Do you still have questions? Head over to the Spiceworks Community to find answers.