It’s no secret: The cybersecurity skills gap is widening. As noted by a Cybrary report, two-thirds of organizations are struggling to find new cybersecurity talent, and 80 percent “do not feel adequately prepared to defend their organizations.”

One way to boost current job satisfaction and recruit new IT professionals is through gamification, according to recent research. A new McAfee study revealed that 54 percent of IT experts who describe themselves as “extremely satisfied” work for organizations that use popular gamification strategies, such as capture the flag competitions.

But there’s another potential win on the horizon for the cybersecurity job outlook: gamers themselves. Born into a digital world and raised on complex, demanding video games, these prospective professionals could be just what companies need to level up their security arsenal.

Cybersecurity Job Outlook: All Fun and Games

IT professionals are confident in the benefit of video games for cybersecurity. TechRepublic noted that 92 percent of respondents agreed that “video gaming teaches players skills critical to cybersecurity threat hunting, including logic, perseverance, an understanding of how to approach adversaries and a fresh outlook, compared to traditional cybersecurity hires.”

The results of the McAfee study suggest that gamers who are willing to dedicate endless hours to leveling up their characters are likely to bring the same single-minded focus to the task of hunting down security threats. Seventy-eight percent of cybersecurity professionals said they believe gamers are strong candidates for cybersecurity roles. Even more telling, 75 percent of senior managers who participated in the survey said they would consider candidates with no previous cybersecurity experience if they were proficient gamers.

The McAfee study also suggested that it’s critical for companies to embrace automation to level up outcomes. Eighty-one percent of security professionals said automation would improve overall cybersecurity and give analysts more time to work on significant security threats instead of constantly dealing with first-level alerts and warnings.

Flipping the Script

The report noted that even as games and gamification improve the cybersecurity job outlook, there’s a similar effect happening on the black-hat side of security.

Consider the Mirai botnet, one of the most powerful Internet of Things (IoT) bots ever created, which is infamous for bringing down hosting provider OHV with a distributed denial-of-service (DDoS) attack throughput of 901 Gbps. While security researchers initially speculated that the Mirai creators were experienced cybercriminals or nation-state actors, the truth was far more mundane: As reported by Wired, the young men who created Mirai were trying to corner the market of “Minecraft,” a popular computer game.

It’s the other face of the security coin: Gamers are also looking for an easy way to get a leg up on the competition or exploit video game mechanics for money. Think of it like the rise of artificial intelligence. While this technology offers real benefits for security, according to a recent PricewaterhouseCoopers (PwC) report, “Cyberattacks will also be more powerful because of AI.” If companies aren’t willing to match cybercriminals measure for measure and leverage the benefit of professional security expertise, their network could be the next target malicious gamers aim to bring down.

What does this all mean for enterprises? Is it time to shelve current security teams and recruit an elite squad of gaming professionals? Not quite.

While the cybersecurity job outlook points to a widening gap between staffing requirements and available personnel, companies need a mix of old and new to help level up their security. As the McAfee report noted, keeping current professionals happy means implementing gamification and automation tools, even as managers “consider alternative methods to plug this cybersecurity skills gap.”

more from

To Cybersecurity Incident Responders Holding the Digital Front Line, We Salute You

Over the course of two decades, I’ve seen Incident Response (IR) take on many forms. Cybercrime’s evolution has pulled the nature of IR along with it — shifts in cybercriminals’ tactics and motives have been constant. Even the cybercriminal psyche has completely rebirthed, with more collaboration amongst gangs and fully established ransomware enterprises running. When I was first starting off,…