Cybersecurity skills are in high demand in the UK and across the globe. An increasingly complex security landscape, combined with a challenging threat environment, is putting pressure on organisations to fill the security skills gaps in their workforce.
Add to this the additional demands being placed on businesses to cope with changing compliance and regulation requirements, driven by the GDPR, then you have something akin to a ‘perfect storm’ in terms of recruiting the right skills and resources to meet these growing demands.
In a Global Information Security Workforce Study conducted last year, 66 per cent of organisations reported that they had too few information security workers to meet their needs, highlighting the challenges for HR and recruitment professionals.
It is estimated that there are 1 million unfilled security jobs worldwide – and this is unlikely to change any time soon. To keep pace with a growing range and number of threats, many companies will no longer be able to tackle all aspects of cybersecurity in-house. The skills gap is effectively leading to a gap in an organisation’s risk posture, potentially exposing them to unnecessary risks.
With GDPR set to impose tough new standards in May, along with punitive fines for failing to protect data, many in-house security teams will be left struggling to cope with new regulatory challenges at a time when they are woefully under-resourced.
Finding the right people
Finding resources is certainly a challenge for companies today, but finding and recruiting the right people is absolutely critical. When it comes to recruitment, it is important to review your recruitment strategy to ensure it is fit for purpose.
You will need IT security staff – specialists in compliance, digital forensics, incident response, threat intelligence and analytics – but don’t ignore people from outside typical IT security roles.
Above all, we need to do more to encourage people to consider a career in security, and this starts at the grassroots level.
Individuals with good communications, people and business skills can also make an important contribution within the IT team. The ability for these staff members to listen, empathise and help demystify cybersecurity within the business could make a huge difference – and HR should take note.
Training to a high standard
Do not underestimate the complexity of your operations either. In an IT security department, you need people with a range of skills, but often they don’t have a broad enough skill set to cover all that is required of them. If you want your IT security staff to ‘wear many hats’ recruit them accordingly or train them up to the standard required.
Attracting and retaining talent in the cybersecurity industry
Above all, we need to do more to encourage people to consider a career in security, and this starts at the grassroots level. The industry, business and government need to get better at educating teachers and careers advisors at schools, colleges and universities to fundamentally change the way people view working in the industry.
Then there are generational challenges to consider in an age when many millennials take a’ revolving door’ attitude to work, leaving their jobs at unprecedented levels and being less settled than their more mature counterparts. HR needs to look beyond traditional recruitment practices and understand what motivates these people.
There are simply not enough qualified security experts entering the workforce today and there is no silver bullet to alleviate the problem.
The disconnect between what a manager expects and what a new team member requires for a successful and rewarding career is something that needs to change if the cybersecurity skills shortage is to be addressed.
Outsourcing: is it a viable option?
Recruiting and managing a team of security professionals brings its own challenges, unique to other departments and roles within a business. There are the obvious ones, such as the cost of recruitment and the length of time and commitment in filling each position.
Then there is the need to train individuals and keep their skills and certifications up to date, which is often very demanding within a cybersecurity role as threats evolve and technologies change.
One option is to outsource these skills to avoid the cost, time and frustration of this process, which may have to be repeated if someone decides to leave (along with their knowledge and skills). Being able to outsource some or all of these skills to an end-to-end provider of cybersecurity services can help close the gap, as they focus on providing the right people with the right skills at the right time.
There are simply not enough qualified security experts entering the workforce today and there is no silver bullet to alleviate the problem. Cybersecurity needs to be seen as a career choice in order to attract more people into the profession. There’s never been a more important time to make this a career of choice.