With all the layoffs and furloughs due to COVID-19, you may be wondering if the shortage of cyber professionals is still a problem. According to Gartner, the answer is yes. Citing the rise in COVID-19 themed cyberattacks, Gartner saw the demand for information security roles surge in February 2020.
Industry experts now count the global shortage of cybersecurity professionals in the millions. To hiring managers, this simply means good people are very hard to find and even harder to retain within their budget.
The labor shortage is complicated by the proliferation of roles that are needed to support a strong cybersecurity defense. For example, staffing a Security Operations Center (SOC) requires a team of security analysts, threat responders, security engineers, and SIEM content developers. Many organizations are not big enough to support full-time employees with such a narrow cybersecurity specialization. And when you add in the requirement to staff a 24/7 operation, the cost and time to build a team can become insurmountable.
Here are three areas where you can combat the staffing shortages in our industry.
Talent Sourcing
- Partner with Educational Institutes
Universities and Technical Colleges offer a range of cybersecurity courses and degree programs that may one day help shrink the skills gap. In the meantime, employers should identify local educational institutes and recruit students into intern and entry-level positions. Consider offering to be a guest presenter, hosting a tour of your company, or contact the college’s student placement team and ask about hiring events.
- Hire More Women
Women only make up a quarter of the cyber workforce, but bring many desirable skills and unique perspectives to cybersecurity roles. Get involved in networking groups for women interested in cybersecurity and demonstrate to female candidates that your organization is an environment where they are valued and can achieve their career goals.
- Recruit Veterans
Veterans are accustomed to working in demanding environments, using advanced technology, and being trusted with confidential information. There are multiple opportunities for employers to support veteran’s groups that focus on cybersecurity training and gain more visibility as a potential employer.
- Look for Adjacent Skills
Hiring managers like to find people who have experience in a role that is similar to the job vacancy they are trying to fill. In a tight labor market, you can expand your candidate pool by recruiting based on skills vs. roles. For example, search for candidates with computer networking or ITSM skills, that can be trained on the missing skillset.
Reduce the Need
- Automate
IT teams should look for opportunities to automate workflow and remediation tasks, to create faster processes and reduce the workload. Security Orchestration Automation and Response (SOAR) tools can increase productivity and reduce the need for incremental hiring.
- Train
Like automation strategies, effective training increases the productivity of your IT security team. Cybersecurity professionals are often focused on achieving certifications that increase their marketability but do not necessarily increase their productivity. Map your teams skills gaps to key objectives and explore training courses that allow your team to optimize the tools you have in place.
- Retain
Employee turnover has a negative impact on productivity and quality and is a significant time drain for hiring managers. Effective retention strategies include offering a career path, paying competitively, providing training, and offering the ability to work remotely.
Change the Dynamic
Many organizations do not have the scale or budget to hire a team of cyber professionals. Outsourcing this function to a managed security service provider (MSSP) taps into a pool of trained experts, allowing the client to leverage the MSSP’s investments in tools and benefit from their mature processes.
- Hire Remote Employees
COVID-19 has altered the expectations of working from home. Traditionally, companies required security staff to work in a secure physical location or Security Operations Center (SOC). While there are still advantages from team members collaborating from the same location, IT security managers are becoming more accepting of virtual collaboration. This shift provides more flexibility for those in the industry and will be a differentiator in combatting the cyber skills gap.
- Move SOC Location
The challenge of staffing and managing a 24/7 operation is non-trivial. Studies of human behavior show that productivity and effectiveness degrade during second and third shifts. Adopting a follow-the-sun model allows employees to work during local business hours, attracting higher quality and more experienced professionals who otherwise would not sacrifice their quality of life by working graveyard shifts. Moving a SOC can also take advantage of the availability of skilled labor in locations near universities or other big employers.
