If there’s been one constant in the ever-changing cybersecurity landscape of the past few years, it is global consensus around the lack of qualified people to do the job.
In the US alone, there are 50% fewer candidates in the cyber space available today compared to two years ago. Globally, there are currently 3.5 million cybersecurity jobs going unfilled. And in the World Economic Forum’s Global Cybersecurity Outlook 2023 report, 64% of cyber leaders ranked talent recruitment and retention as a key challenge for managing their cyber resilience moving forwards.
And it feels like a problem that is only set to get bigger. Analyst Josh Bersin believes cyber is the fastest-growing job market of all. Yet less than half of the country’s top 50 computer science programs include security courses for undergraduates. Cybersecurity and associated areas are still relatively new additions to the academic curriculum – and this, plus the fact that the threats and strategies for managing them are constantly evolving, makes finding the right people to fill cyber roles harder than ever.
Add to this issues around the so-called “Great Resignation” – a survey last year from Trellix found that over a third of the global cybersecurity workforce plans to change professions in the future due to frustrations with the sector – and that talent gap becomes a talent crisis.
A common problem
Addressing that crisis head on was one of the key talking points at GDS Group’s recent Security Summit, where some of North America’s most senior cybersecurity leaders gathered to discuss where to find the right skills – and how to develop them.
Because even the best cyber talent still requires training and upskilling in order to stay current. And for Renata Spinks, CISO for the US Marine Corps, that means building the right organizational muscle memory to make learning habitual.
“We have to enable true learning environments – whether those be in the classroom, through show-and-tell experiences, or through mentoring and coaching, whatever,” she told attendees in her closing keynote. “It’s about acquiring knowledge and building muscle. Because you only get better by exercising that muscle.”
Talent versus skills
For Spinks, that means working on what she calls “reps and sets”.
“Skills and talent are not synonymous,” she says. “Everyone has a skill – whether it’s finance, project management, cyber, engineering, you name it. Skills can be taught. But talent comes from reps and sets. It’s your ability to implement those skills in the most effective and efficient manner, when it matters most. We constantly pick up new skills and competencies – as we go through college, take training courses, undergo certification, etc. The talent element is about making that a practising, executable action.”
And investing in developing that natural ability will be critical moving forwards. Research suggests that companies that provide a healthy learning culture and career development have more committed employees and improved company performance. Meanwhile, a report from LinkedIn showed that 94% of employees believe investment in training and education is one of the primary reasons they would decide to stay in a role for longer.
“You need to know where your people’s passions lie, what motivates them, how satisfied they are with what they’re currently doing,” says Spinks. “Individual development plans are critically important. If you don’t have that, you run the risk of losing that talent.”
Upskilling and reskilling
The challenge is that there’s a talent shortage in every industry: you’re not just competing with others in your industry when it comes to attracting the best people, but with organisations in every sector and across different job functions.
As early as January 2020, a McKinsey & Company report stated that 87% of companies worldwide would face a severe talent shortage. It’s a trend exacerbated by the Great Resignation, and is impacting companies everywhere – not least in the tech and cyber space.
As such, Spinks believes that doing a better job of tapping into your existing talent base is key. “There are lots of individuals who maybe started out their careers on one path – perhaps on the science side, or in academia, or in any number of other areas – who now want to get more operational, but who perhaps feel there isn’t a place for them in cyber,” she says. “So how do we reach out to those people, identify where they can contribute and bring them in?”
The goal is to make cybersecurity more accessible to a wider range of potential candidates. And this means recognising that the role is no longer purely a technical discipline. “Anyone can be a cyber warrior,” says Spinks. “Maybe you’re not a programmer. Maybe your skills lie in analysing risk. Or in navigating appropriations and budget. Or on the governance side, in ensuring the right policies get put in place. There are so many different ways people can contribute.”
Harnessing tech in the war for talent
So how do we better understand existing skills gaps, and chart a path for both new entrants and seasoned security practitioners? According to Spinks, one of the key elements to get right is to deploy technology to make sense of where your current capability gaps lie, what skills and talents you currently have, and how those two things map together.
“Understanding who you’re working with, what the triggers are for them to become more motivated or disengaged, is absolutely critical. And this is where people analytics comes in.”
She’s also a big fan of using automation to help alleviate the burden on existing staff, and ensure the work they are tasked with doing is more stimulating. “Automation has a big role to play,” she says. “Repetitive tasks are something we’re looking to automate, but areas where we need decision-making that is critical to loss-of-life, loss-of-limb or loss-of-data – that’s where we ensure we still have humans in the process.
“We shouldn’t ever think of automation as a way of replacing people. It’s about helping us to meet that skills and capabilities shortage – and in fact, it’s the only way in which we’ll ever be able to do that.”
Indeed, meeting the current talent shortfall – whether through more training or more automation – will be key. ISACA reports that 45% of employees in the security space cite “high levels of work-related stress” as their main reason for quitting. This is a hugely rewarding, but also incredibly pressurized, industry – so finding ways to better support our staff will be critical moving forwards.