While spending on security technologies continues to increase, organizations are still fighting an uphill battle against cyber attacks. The primary reason is that the personnel needed to defend organizations is extremely scarce. Currently, the cybersecurity workforce gap estimate stands at more than 3.1 million trained professionals worldwide, and it will take time to close that gap.
Organizations aren’t likely to solve the problem by focusing their recruitment strategies solely on finding “all star” cybersecurity leaders who just aren’t available. And when they are available, they are quickly snapped up by organizations that can afford the high salaries they command.
(ISC)² recently published its “Cybersecurity Career Pursuers Study,” which makes clear that this traditional approach is not working. Instead, organizations should focus on building robust cybersecurity teams by recruiting candidates with skills that can complement cybersecurity experience and are translatable to success in the field. The goal should be to build self-replenishing teams with junior members who are eager to learn and have the creativity and resilience the career requires.
This approach is among the 10 strategies outlined in the Career Pursuers study for successful team building. To read all 10, download the report here. For this blog’s purposes, let’s focus on a couple of areas where organizations can start working immediately – identifying talent from within and fostering mentorships.
While 55% of cybersecurity professionals get their start in IT, according to the study’s findings, IT isn’t the only place to look for cybersecurity talent. Of course, it’s more difficult to find it elsewhere in the organization, but once you understand what qualities to look for, the job should get easier.
In the Pursuers study, current cybersecurity professionals told us what they view as valuable assets in cybersecurity team members – analytical and critical thinking, problem solving, ability to work on a team as well as independently, and creativity. These are qualities any organization can find in a cross-section of departments by asking the right questions about skills, preferences and ambitions.
As the study suggests, “Look for team members who share the same motivating factors as professionals and pursuers. Make cybersecurity career opportunities available to all team members in your organization, especially those looking for advancement.” Simply looking within for the right kind of talent increases your chances of building a solid cybersecurity team as compared to the daunting challenge of finding the “right” candidates in the open job market.
No one can provide greater insight into what makes a good cybersecurity team member than those already on a team. This is a compelling reason for organizations to leverage the experience and know-how of team veterans to help junior members learn the ropes.
Cybersecurity professionals in the Career Pursuers study said that in their early years on the job, they gained a lot of insight by shadowing a team veteran, which contributed significantly to their success. With that in mind, organizations should implement membership programs that allow veterans to fulfill a leadership role in helping new hires grow into the job. This approach is beneficial not only to new hires, but also to the veterans who in some cases may not have recognized their own leadership qualities.
One thing the study makes clear is that your organization likely already has resources that can be instrumental in building your cybersecurity teams. You are much more likely to produce concrete results by tapping those resources than by holding out for the ever elusive “all stars” in the job market.