Confronting the skills gap is a challenge that has many in the cybersecurity industry confounded. With overworked security teams, an ever-expanding threat landscape and widening attack surfaces, the growing gap poses a serious challenge to the future of the security workforce.

The International Information System Security Certification Consortium (ISC2) looked at the cybersecurity skills gap more completely in its recent report, “Cybersecurity Workforce Study.”

Rather than making its calculations solely by subtracting supply from demand, the study looked at the percentage of companies that currently have open positions and considered the estimated growth of different-sized organizations. This builds an estimated gap based not only on current openings, but also future staffing needs.

“This more holistic approach to measuring the gap produces a more realistic representation of the security challenges — and opportunities — that both companies and cybersecurity pros are facing worldwide,” the ISC2 report said.

3 Out-of-the-Box Ways to Close the Cybersecurity Skills Gap

Sixty-three percent of the more than 1,400 respondents confirmed that their company has a shortage of staff dedicated to cybersecurity. Because of the shortage, 59 percent believe their companies are at moderate or extreme risk of cybersecurity attacks.

The good news is that there are ways to close, or at least narrow, the skills gap. For 48 percent of ISC2’s respondents, plans to increase cybersecurity staffing over the next 12 months are in the works. Whether it’s investing in cybersecurity awareness training, broadening the talent pool or partnering with local colleges and universities, organizations are getting creative when it comes to recruiting and retaining talent.

1. Expand Educational Resources

With an eye on the future of the cybersecurity industry, New York University (NYU) launched a citywide effort called Cyber NYC, according to NYU News. The goal of the initiative is to help fill the industry’s skills gap by providing educational training in cybersecurity.

“New York City needs to be ambitious about cybersecurity because our future depends on it,” said James Patchett, president and CEO of New York City Economic Development Corp. (NYCEDC) in a press release. “Cyber NYC will fuel the next generation of cybersecurity innovation and talent, leveraging one of the world’s greatest threats to create a major economic anchor and up to 10,000 quality middle-class jobs.”

2. Hire From the Public Sector

Another recently published ISC2 report, titled “Building a Resilient Cybersecurity Culture,” found that employees at government agencies bring a lot to the talent table. As such, many organizations have started recruiting directly from governmental organizations.

Of the 250 participants in the study, 50 percent of private organizations have successfully recruited talent from a government agency. Not surprisingly, the salary a private company can offer is attractive to those government workers who have undergone extensive training in the government’s battle against nation-state threat actors and organized cybercrime.

“One of the biggest draws to private industry, according to 67 percent of respondents, is salary,” the report said. “It’s no secret private companies generally pay better than government agencies, so it stands to reason many recruits from the government would welcome higher pay. Other deciding factors for government recruits include having a great leadership team (60 percent) and working for a mission-based organization (59 percent).”

3. Promote STEAM Education

While cybersecurity has long been a highly technical career, the roles and responsibilities of job categories has expanded to the point that many of the jobs that need to be filled actually require nontechnical skills.

“The solution to the talent gap is understanding the roles and responsibilities for each position in the field of cybersecurity, so we can train people,” said Deidre Diamond, CEO and founder of CyberSN. “We haven’t had a common language to work from. Bridging the talent gap requires extreme focus on creating a common language.”

To advance talented candidates into both traditional and nontraditional roles while fostering inclusive hiring practices, Diamond co-founded Brainbabe. Through their work, the leaders of Brainbabe have found that teaching companies to shift from a focus on science, technology, engineering and mathematics (STEM) fields to STEAM (the “A” is for “all”) is a critical step toward narrowing the skills gap.

Executives and hiring managers need to understand the value of inclusion. Being inclusive means being open to the contributions of all candidates, regardless of the boxes they check on a traditional job application.

It’s Time to Reach Across the Skills Gap

At the 2018 Security Congress, Diamond noted that studies have already produced data to support the fact that a diverse team is better at problem solving because it can see everything from a 365-degree view.

If the industry is serious about hiring for perpetually vacant positions, it’s incumbent upon those in executive leadership positions to cast a wider net in their talent searches. Whether by offering greater educational opportunities or inviting broader skill sets, the only way for organizations to fill security jobs is to take a more open approach. It’s time to reach across the gap.

More from CISO

How to Solve the People Problem in Cybersecurity

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then there are those who use their personal devices for business purposes and put the network at risk. Yes, all those people can cause issues for cybersecurity. But the people who are usually blamed for cybersecurity issues wouldn’t have such an…

The Cyber Battle: Why We Need More Women to Win it

It is a well-known fact that the cybersecurity industry lacks people and is in need of more skilled cyber professionals every day. In 2022, the industry was short of more than 3 million people. This is in the context of workforce growth by almost half a million in 2021 year over year per recent research. Stemming from the lack of professionals, diversity — or as the UN says, “leaving nobody behind” — becomes difficult to realize. In 2021, women made…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…