The 2021 (ISC)² Cybersecurity Workforce Study suggested that the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets. To protect their systems, employees and data organizations need creative solutions for recruitment, training and retention to maintain safe operations. “Many organizations continue to repeat the mistakes of focusing their time and energy on hunting down and competing for a select few cybersecurity “All Stars” instead of strategically developing their teams at all skill levels to create a sustainable, long-term investment in their security personnel.” (2021 (ISC)² Cybersecurity Pursuers Study)
The 2021 (ISC)² Cybersecurity Pursuers Study found that many organizations have unrealistic role expectations seen in overloading job descriptions with too many responsibilities or with improbable experience requirements for entry-level and even mid-career jobs. Stating that “often, it goes beyond that to include a lack of support once cybersecurity professionals join an organization without clear plans for training, mentorship or advancement. That leads to talent drain, dissatisfied team members, continuous hiring cycles, and, ultimately, weaker security postures and degraded incident response capabilities.”
When asked what concerns or challenges cybersecurity professionals have about their current role for the 2021 (ISC)² Cybersecurity Workforce Study, 17% of respondents selected “lack of mentorship from more experienced in my organization” and 13% selected “lack of opportunity to mentor others in my organization.” In both of these response groups when asked for justification, 44% reported that their organizations do not have an existing mentorship program.
Developing skill sets found within other departments may be the response we need to fill critical positions. Not only would incorporating these currently underutilized programs build up the employee knowledge base, but there is little to no cost involved compared to that of recruitment.
Mentorships enable new professionals in the field to “learn the intangibles of how to navigate the job, convey critical topics to those outside the team, how to “ask the right questions” and build their support network.” They can also help to support threat response by providing incomers with senior colleges to turn to for “immediate on-the-job needs like escalating a possible threat.” (2021 (ISC)² Cybersecurity Pursuers Study) In fields like cybersecurity that lack standard progressive pathways for new hires, mentorships can be the key for newcomers to find their footing and understand the rhythm of their organization.
Mentorships are not only valuable for the mentees and the company, but they also benefit the mentor. Often, we find working with new people, and especially those from differing backgrounds, we can begin to look at our processes and procedures in a new light. For instance, a new college graduate may be more in-tune with the latest technology or someone from a marketing or finance background might implement a new way of organizing a process. By offering this new relationship opportunity, mentors can find fulfillment in sharing their knowledge and skills. “You may be surprised how mentorship can instill confidence in both the mentee and the senior team members sharing their knowledge. You may find leaders you didn’t know you had on your team.” (2021 (ISC)² Cybersecurity Pursuers Study)
While less than half of cybersecurity companies are offering mentorship programs today, it appears that we can expect an increase in the coming years. When asked how their organization plans to invest in talent to help address the cybersecurity workforce gap in the next year 38% of respondents said establish mentorship programs. Of those organizations, 26% expect increased investment in mentorship programming. (2021 (ISC)² Cybersecurity Workforce Study)
Beyond morale and cost savings, a recent Forbes article found that “Companies that invest in their people with mentoring programs weathered the storm much better than those who did not. Companies with mentoring programs had profits that were 18% better than average, while those without mentoring programs had profits that were 45% worse than the average.” These professional relationships may be your key to securing your organization and critical infrastructure and recovery when facing a ransomware attack.