As organizations struggle to fill cybersecurity vacancies due to a worldwide shortage of 4 million professionals, they should consider implementing strategies to attract qualified candidates and prevent experienced staff from leaving.
The (ISC)2 Cybersecurity Workforce Study 2019 lays out four strategies organizations should consider:
- Address cybersecurity team members’ needs with training and career development opportunities.
- Properly set internal expectations about applicant qualifications to widen the search for candidates as much as possible.
- Target recent college graduates and workers with degrees relevant to cybersecurity.
- Grow your cybersecurity team from within with further development and cross-training opportunities.
All of these strategies are based on two primary themes – set reasonable expectations and be open-minded about who qualifies for cybersecurity positions. In many cases, companies have asked too much of candidates and searched too narrowly, which got in the way of building their cyber teams.
Strategy #1 calls for addressing cyber workers’ needs by providing opportunities to build a successful career. Those opportunities include relevant on-the-job experience, career advancement initiatives, and training and development in areas such as cloud security and risk assessment. To help address challenges cyber workers face, organizations should contribute to certification fees, lay out clear career paths for them, and educate all users on cybersecurity.
Strategy #2 centers on building consensus in the organization to properly set expectations about what qualifies a candidate for cybersecurity work. It’s important to recognize not all applicants have four-year college degrees or that some may have jobs in which cybersecurity is only one of many responsibilities. Companies should also be realistic about salaries and certification requirements. Be open to letting applicants earn certifications after joining your company.
Strategy #3 is about considering college graduates and workers from other fields to join your cyber team. While those candidates may not have direct cybersecurity experience, work in fields such as computer and information sciences and engineering can serve as a foundation to learn cybersecurity. This doesn’t mean ignoring candidates with previous cyber experience; you should recruit both types.
Strategy #4 calls for growing the cybersecurity team from within by identifying non-security-focused IT professionals with the right skills and motivation. Offer to pay for training and certifications as an incentive to make the move. But don’t limit the search to IT; employees in other areas such as HR, communications, finance and legal have transferrable skills that may be a good fit for the cybersecurity team.
Building a talented, skilled cybersecurity team is essential to protecting organizations from cyber threats. Organizations should stress the positives of the job. After all cybersecurity is an exciting field that offers job stability through constant evolution and new challenges.