Much has been written about the skills gap in terms of the lack of qualified security practitioners to fill the roles available within organizations. In fact, the skills gap is currently one of the top concerns for CISOs, and the situation is poised to get event worse.

Look to the Millennials

A recent Frost & Sullivan report looked at the importance of the millennial generation in filling the skills gap, which it estimated will amount to 1.8 million information security workers by 2020. Millennials will be critical for closing this gap, since they will form an even larger cohort than the baby boomer generation.

Information security education has progressed, but it is still a work in progress. It is unlikely that any organization will be able to fill its needs with university graduates alone, especially given the competition for candidates. This makes it a necessity that organizations ramp up their training programs, taking into account not just the technical skills that are required for information security positions, but also the soft skills that link technology with business needs.

Train From Within the Ranks

The research by Frost & Sullivan found that the millennial generation is particularly open to on-the-job training. In fact, 65 percent of this demographic stated that it is very important to them — a higher clip than previous generations. Millennials place a particular emphasis on mentorship and leadership programs, which is one reason why they are likely to change jobs voluntarily: The research found that better perks are a greater motivation than low job satisfaction when considering a career move.

Embrace Diversity

Millennials are also more likely than previous generations to value diversity, with 46 percent saying that diversity is very important to them. A full two-thirds of millennials claimed to speak more than one language, compared to just over one-third of baby boomers. The value placed on diversity may also help organizations tap the pool of female workers who may not have been motivated to study technology previously.

Another recent study found that women comprise just 10 percent of the information security workforce. If women are not drawn to information security as an education option, on-the-job training may help organizations to train current female workers and increase diversity within their ranks. That move is likely to appeal to millennials.

A New Approach to Close the Skills Gap

Tackling the skills gap requires a new way of thinking for organizations. Rather than leaving everything to recruiters, they should look at current employees and seek to leverage what they already have. For the millennial generation, job satisfaction is vital. Ensuring that they can stay current through training and education will not only increase morale, but also help organizations to overcome the cybersecurity skills gap.

Read the IBM Executive Report: Addressing the Skills Gap with a New Collar Approach

More from CISO

What CISOs Should Know About CIRCIA Incident Reporting

In March of 2022, a new federal law was adopted: the Cyber Incident Reporting Critical Infrastructure Act (CIRCIA). This new legislation focuses on reporting requirements related to cybersecurity incidents and ransomware payments. The key takeaway: covered entities in critical infrastructure will now be required to report incidents and payments within specified time frames to the Cybersecurity and Infrastructure Security Agency (CISA). These new requirements will change how CISOs handle cyber incidents for the foreseeable future. As a result, CISOs must…

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…