November 5, 2018 By Kacy Zurkus

Confronting the skills gap is a challenge that has many in the cybersecurity industry confounded. With overworked security teams, an ever-expanding threat landscape and widening attack surfaces, the growing gap poses a serious challenge to the future of the security workforce.

The International Information System Security Certification Consortium (ISC2) looked at the cybersecurity skills gap more completely in its recent report, “Cybersecurity Workforce Study.”

Rather than making its calculations solely by subtracting supply from demand, the study looked at the percentage of companies that currently have open positions and considered the estimated growth of different-sized organizations. This builds an estimated gap based not only on current openings, but also future staffing needs.

“This more holistic approach to measuring the gap produces a more realistic representation of the security challenges — and opportunities — that both companies and cybersecurity pros are facing worldwide,” the ISC2 report said.

3 Out-of-the-Box Ways to Close the Cybersecurity Skills Gap

Sixty-three percent of the more than 1,400 respondents confirmed that their company has a shortage of staff dedicated to cybersecurity. Because of the shortage, 59 percent believe their companies are at moderate or extreme risk of cybersecurity attacks.

The good news is that there are ways to close, or at least narrow, the skills gap. For 48 percent of ISC2’s respondents, plans to increase cybersecurity staffing over the next 12 months are in the works. Whether it’s investing in cybersecurity awareness training, broadening the talent pool or partnering with local colleges and universities, organizations are getting creative when it comes to recruiting and retaining talent.

1. Expand Educational Resources

With an eye on the future of the cybersecurity industry, New York University (NYU) launched a citywide effort called Cyber NYC, according to NYU News. The goal of the initiative is to help fill the industry’s skills gap by providing educational training in cybersecurity.

“New York City needs to be ambitious about cybersecurity because our future depends on it,” said James Patchett, president and CEO of New York City Economic Development Corp. (NYCEDC) in a press release. “Cyber NYC will fuel the next generation of cybersecurity innovation and talent, leveraging one of the world’s greatest threats to create a major economic anchor and up to 10,000 quality middle-class jobs.”

2. Hire From the Public Sector

Another recently published ISC2 report, titled “Building a Resilient Cybersecurity Culture,” found that employees at government agencies bring a lot to the talent table. As such, many organizations have started recruiting directly from governmental organizations.

Of the 250 participants in the study, 50 percent of private organizations have successfully recruited talent from a government agency. Not surprisingly, the salary a private company can offer is attractive to those government workers who have undergone extensive training in the government’s battle against nation-state threat actors and organized cybercrime.

“One of the biggest draws to private industry, according to 67 percent of respondents, is salary,” the report said. “It’s no secret private companies generally pay better than government agencies, so it stands to reason many recruits from the government would welcome higher pay. Other deciding factors for government recruits include having a great leadership team (60 percent) and working for a mission-based organization (59 percent).”

3. Promote STEAM Education

While cybersecurity has long been a highly technical career, the roles and responsibilities of its job categories have expanded to the point that many of the jobs that need to be filled actually require nontechnical skills.

“The solution to the talent gap is understanding the roles and responsibilities for each position in the field of cybersecurity, so we can train people,” said Deidre Diamond, CEO and founder of CyberSN. “We haven’t had a common language to work from. Bridging the talent gap requires extreme focus on creating a common language.”

To advance talented candidates into both traditional and nontraditional roles while fostering inclusive hiring practices, Diamond co-founded Brainbabe. Through their work, the leaders of Brainbabe have found that teaching companies to shift from a focus on science, technology, engineering and mathematics (STEM) fields to STEAM (the “A” is for “all”) is a critical step toward narrowing the skills gap.

Executives and hiring managers need to understand the value of inclusion. Being inclusive means being open to the contributions of all candidates, regardless of the boxes they check on a traditional job application.

It’s Time to Reach Across the Skills Gap

At the 2018 Security Congress, Diamond noted that studies have already produced data to support the fact that a diverse team is better at problem solving because it can see everything from a 365-degree view.

If the industry is serious about hiring for perpetually vacant positions, it’s incumbent upon those in executive leadership positions to cast a wider net in their talent searches. Whether by offering greater educational opportunities or inviting broader skill sets, the only way for organizations to fill security jobs is to take a more open approach. It’s time to reach across the gap.
