As you’re likely aware, there is a major talent gap when it comes to hiring entry-level cybersecurity workers. An (ISC)² 2020 report indicates that the industry needs an additional three million workers worldwide and that the U.S. cybersecurity workforce needs to grow at a clip of 40%+ to meet demand. Here at Evolve Security, we not only improve our clients’ security posture through testing and remediation, we also help train individuals to enter the field and help businesses build a talented and diverse workforce. In fact, we’ve made it part of our mission to understand the talent gap and explore ways to narrow it.
Recently, we hosted a panel discussion with four Chief Information Security Officers (CISOs) to learn where they think the real gaps in cybersecurity talent are, and how they address some of their biggest hiring challenges. Here are a few of the key observations these astute CISOs shared:
A major insight the CISOs discussed is that, while they may have trouble finding and retaining entry-level employees, the gap is perhaps a mismatch between employer expectations and the skills of those just coming out of school.
Most entrants to cybersecurity typically come from a traditional IT role. The variety of specializations and disciplines in cybersecurity (risk, compliance, security analyst, security engineer, etc.) can be overwhelming and difficult to navigate for someone just finishing college or pivoting into the field. Guidance for CISOs includes:
CISOs may look for new talent externally because they believe they don’t have time to train for the skills they need.
Here at Evolve, we place top graduates from our Academy who have both the technical skills and the critical thinking skills into companies on a short-term and long-term basis. They are also supervised by experienced cybersecurity veterans, which saves CISOs time.
According to the group of CISOs in our panel, entry-level applicants or those who feel that they don’t have all the skills or qualifications listed in job descriptions can take these steps:
Now more than ever, many companies are focused on increasing their Diversity, Equality and Inclusion (DEI) efforts. The CISOs discussed that organizations can try to eliminate unconscious bias by:
While CISOs need people with technical skills to do important cybersecurity work within their organizations, they also need good communicators on their teams to empathize with their clients’ or management teams’ business objectives, goals and mission. Security is most effective when there is a reduced level of friction between internal security teams and others in the business, and “soft skills” are often overlooked.
In conclusion, CISOs are having difficulty finding enough people with specialized technical cybersecurity skills. However, with new thinking around hiring and training, the gap can be narrowed. If you’re looking for cybersecurity training or talent for your organization, get in touch and let’s talk!
View the entire discussion with CISOs Jesse Miller, CISO at Stratosphere Networks; Matt Whisman, Head of Security Engineering and Identity Management at Jack Henry & Associates; Naomi Buckwalter, CISSP CISM, Director of Information Security & IT at Beam Technologies; and Dave Brown, Global Chief Information Security Officer at Clarabridge, here.