November 5, 2018 By Kacy Zurkus 3 min read

Confronting the skills gap is a challenge that has many in the cybersecurity industry confounded. With overworked security teams, an ever-expanding threat landscape and widening attack surfaces, the growing gap poses a serious challenge to the future of the security workforce.

The International Information System Security Certification Consortium (ISC2) looked at the cybersecurity skills gap more completely in its recent report, “Cybersecurity Workforce Study.”

Rather than making its calculations solely by subtracting supply from demand, the study looked at the percentage of companies that currently have open positions and considered the estimated growth of different-sized organizations. This builds an estimated gap based not only on current openings, but also future staffing needs.

“This more holistic approach to measuring the gap produces a more realistic representation of the security challenges — and opportunities — that both companies and cybersecurity pros are facing worldwide,” the ISC2 report said.

3 Out-of-the-Box Ways to Close the Cybersecurity Skills Gap

Sixty-three percent of the more than 1,400 respondents confirmed that their company has a shortage of staff dedicated to cybersecurity. Because of the shortage, 59 percent believe their companies are at moderate or extreme risk of cybersecurity attacks.

The good news is that there are ways to close, or at least narrow, the skills gap. For 48 percent of ISC2’s respondents, plans to increase cybersecurity staffing over the next 12 months are in the works. Whether it’s investing in cybersecurity awareness training, broadening the talent pool or partnering with local colleges and universities, organizations are getting creative when it comes to recruiting and retaining talent.

1. Expand Educational Resources

With an eye on the future of the cybersecurity industry, New York University (NYU) launched a citywide effort called Cyber NYC, according to NYU News. The goal of the initiative is to help fill the industry’s skills gap by providing educational training in cybersecurity.

“New York City needs to be ambitious about cybersecurity because our future depends on it,” said James Patchett, president and CEO of New York City Economic Development Corp. (NYCEDC) in a press release. “Cyber NYC will fuel the next generation of cybersecurity innovation and talent, leveraging one of the world’s greatest threats to create a major economic anchor and up to 10,000 quality middle-class jobs.”

2. Hire From the Public Sector

Another recently published ISC2 report, titled “Building a Resilient Cybersecurity Culture,” found that employees at government agencies bring a lot to the talent table. As such, many organizations have started recruiting directly from governmental organizations.

Of the 250 participants in the study, 50 percent of private organizations have successfully recruited talent from a government agency. Not surprisingly, the salary a private company can offer is attractive to those government workers who have undergone extensive training in the government’s battle against nation-state threat actors and organized cybercrime.

“One of the biggest draws to private industry, according to 67 percent of respondents, is salary,” the report said. “It’s no secret private companies generally pay better than government agencies, so it stands to reason many recruits from the government would welcome higher pay. Other deciding factors for government recruits include having a great leadership team (60 percent) and working for a mission-based organization (59 percent).”

3. Promote STEAM Education

While cybersecurity has long been a highly technical career, the roles and responsibilities of job categories has expanded to the point that many of the jobs that need to be filled actually require nontechnical skills.

“The solution to the talent gap is understanding the roles and responsibilities for each position in the field of cybersecurity, so we can train people,” said Deidre Diamond, CEO and founder of CyberSN. “We haven’t had a common language to work from. Bridging the talent gap requires extreme focus on creating a common language.”

To advance talented candidates into both traditional and nontraditional roles while fostering inclusive hiring practices, Diamond co-founded Brainbabe. Through their work, the leaders of Brainbabe have found that teaching companies to shift from a focus on science, technology, engineering and mathematics (STEM) fields to STEAM (the “A” is for “all”) is a critical step toward narrowing the skills gap.

Executives and hiring managers need to understand the value of inclusion. Being inclusive means being open to the contributions of all candidates, regardless of the boxes they check on a traditional job application.

It’s Time to Reach Across the Skills Gap

At the 2018 Security Congress, Diamond noted that studies have already produced data to support the fact that a diverse team is better at problem solving because it can see everything from a 365-degree view.

If the industry is serious about hiring for perpetually vacant positions, it’s incumbent upon those in executive leadership positions to cast a wider net in their talent searches. Whether by offering greater educational opportunities or inviting broader skill sets, the only way for organizations to fill security jobs is to take a more open approach. It’s time to reach across the gap.

More from CISO

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today