Threat of Cyber Skills Gap and How to Fill the Void

Given that the growing jobs gap in cybersecurity is projected to be more than two million unfilled positions by 2019, something needs to change. Hiring managers across all sectors need to do more to attract, train, and retain the security vanguards of tomorrow.

More than likely your company has at least one security position open, and there are lots of skilled candidates who would love to provide their services, but they aren’t applying for the jobs.

Why aren’t candidates applying?

Most corporate job postings render between 60 and 250 responses. In security, though, those numbers are far lower.

Of the respondents in a cyber security workforce study by ISACA’s Cybersecurity Nexus (CSX), 59 percent reported that they only received five applications for job postings in security.

Though many want to point to a lack of skilled candidates, others suspect that perhaps the hiring process needs a makeover. Both things are true.

Managing expectations

How is it even possible to post an entry level position for a Cyber Security Engineer and expect that the candidate has an IT degree (or other engineering or technical discipline) and at least 6 years experience?

In addition to the degree and years of experience, companies are also requiring the candidate to hold multiple certifications — which of course require years of experience to obtain.

With more breaches resulting from human error — likely because security practitioners are too overwhelmed to keep up — the hiring process has to change.

The gap can be narrowed, but it requires more than automation.

What can you do to fill the void?

Here are some tips based on research conducted by CyberSN and the Jane Bond Project:

  • Ask for help. Yes, there is a shrinking pool of highly qualified security candidates, but that doesn’t mean you can’t find them. Accept the reality that recruiting security talent is difficult and will take some time.
  • Be active in recruitment. You need to know where to look. If you’re a hiring manager, and you don’t understand the position and the skills needed to perform the tasks, consider asking an outside party for help.
  • Pay them what they are worth. More than 80 percent of the survey participants reported paying a salary higher than what was originally posted. Data is useful when it’s accurate. Where so many companies have to raise their salary caps, it’s worth questioning the reliability of the compensation data you’re relying on.
  • Look for leaders within. More than likely you have a wide array of talented, go-getters in your organization. Identify them and then train them to be the security practitioners you need.
  • Change the gender statistics. Women are still lagging far behind, representing only 11 percent of the security industry. Those numbers grow smaller as you look to higher and executive level positions.
One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.