The cybersecurity skills gap is not unlike the periodic dips in programming talent that occur as technology changes. The difference is that while a lack of programmers can delay program launches, empty seats in the cybersecurity domain can do immediate and lasting damage to your company and customers.

The dearth of cybersecurity professionals is a current fact of life, but enterprises can’t simply give up the effort to fill their open positions with highly qualified professionals to safeguard their operations. Instead, security leaders should use a combination of internal resource development and external recruitment to close ranks against cyberattacks.

Supply and Demand

According to Forbes, the demand for chief information security officers (CISOs) and other cybersecurity professionals is expected to reach 6 million by 2019, and Symantec CEO Michael Brown said he actually expects 1.5 million fewer applicants for those jobs. While companies wait for resumes to magically appear in the HR inbox, cybercriminals are taking advantage of the openings. This overwhelms both the staffs charged with keeping the company safe and the systems designed to protect enterprise assets.

Given these shortages, it’s no surprise that, according to Burning Glass Technologies’ “Job Market Intelligence: Cybersecurity Jobs, 2015” report, cybersecurity workers are demanding and receiving 9 percent, or $6,500, more per year than their peers in other IT positions. In other words, it isn’t that companies are being tight when they look to fill these jobs but a clear case of supply and demand. What factors, then, will attract the few available candidates without lowering recruiting standards?

Money Isn’t Everything

Obviously, salary is the leveling force in the workplace. It isn’t the only criterion, however, and attracting great employees that are eager to fill demanding positions requires more than just great pay.

Defending the enterprise against cybercrime is a long-term proposition facing long-term challenges, and companies need to protect themselves immediately and continuously. Management must focus on surviving the turnover of cyber professionals. That means developing an environment that attracts competent and motivated people, keeps them engaged with the company, and provides training and advancement opportunities that they can’t find elsewhere.

If you want to become the go-to employer for aspiring security nerds, you must be serious about becoming a hub of security education, research and overall knowledge. Demonstrate in your recruitment efforts that your commitment to security goes beyond just protecting company assets and that security is part of your culture. Emphasize that cybersecurity isn’t just an IT effort, and that C-level executives are committed to hiring the best security professionals to protect their company.

Bring in training resources and sponsor employee education, both internally and through external institutions. Offer incentives based on merit to attend industry events, then make certain your staff not only attends, but presents at conferences. Encourage them to participate in panel discussions and network with high-level industry executives.

A Long-Term Solution to the Cybersecurity Skills Gap

In short, employers must treat security professionals with at least as much respect and appreciation as they afford top-level executives and sales professionals. Your company’s future depends on your security team’s prowess.

The data shows that the cybersecurity skills gap is unlikely to fade anytime soon. The key to long-term success lies in your security leaders’ ability to stand out from the crowd of organizations desperate to recruit top-level talent.

Read IBM Executive the report: Addressing the Skills Gap with a New Collar Approach

More from CISO

Poor Communication During a Data Breach Can Cost You — Here’s How to Avoid It

5 min read - No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was $4.35 million, with 83% of organizations experiencing one or more security incidents. But what’s talked about less often (and we think should be talked about more) is how communication — both good and bad — factors into…

5 min read

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

2 min read - Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last…

2 min read

Do You Really Need a CISO?

2 min read - Cybersecurity has never been more challenging or vital. Every organization needs strong leadership on cybersecurity policy, procurement and execution — such as a CISO, or chief information security officer. A CISO is a senior executive in charge of an organization’s information, cyber and technology security. CISOs need a complete understanding of cybersecurity as well as the business, the board, the C-suite and how to speak in the language of senior leadership. It’s a changing role in a changing world. But…

2 min read

What “Beginner” Skills do Security Leaders Need to Refresh?

4 min read - The chief information security officer (CISO) was once a highly technical role primarily focused on security. But now, the role is evolving. Modern security leaders must work across divisions to secure technology and help meet business objectives. To stay relevant, the CISO must have a broad range of skills to maintain adequate security and collaborate with teams of varying technical expertise. Learning is essential to simply keep pace in security. In a CISO Series podcast, Skillsoft CISO Okey Obudulu recently said,…

4 min read