Cybercriminals are continuously evolving, scheming and ramping up attacks with complex distributed denial-of-service (DDoS) campaigns, malware scams and a plethora of techniques for sale on the dark web. In such a perilous threat landscape, our white hats need all the help they can get. The problem is that many organizations are struggling to both find and retain talent.

According to the International Information System Security Certification Consortium ((ISC)²), the global cybersecurity skills shortage reached almost 3 million in 2018, and Enterprise Security Group (ESG)‘s year-end survey found that 53 percent of IT professionals report a problematic shortage of cybersecurity skills. What’s worse, this figure has risen steadily in each of the past four years.

While the cybersecurity skills gap isn’t new, these numbers suggest that organizations are still struggling to recruit and retain qualified security professionals. How can cybersecurity leaders start gaining ground on this growing challenge before the industry reaches its tipping point?

3 Inside-the-Box Strategies to Close the Cybersecurity Skills Gap

Instead of actively seeking measures to enable the development of new workers, companies are more likely to poach top-tier talent from another company, adding an unending cycle of staff changes to the existing talent shortage problem. Why not look from within? Below are three creative ways to empower the cybersecurity talent you already have in-house.

1. Create a Mentor Program

How does your organization foster cybersecurity talent? Are there in-house mentorship programs designed to partner seasoned security professionals with new hires? Technical expertise can be learned, and most new employees will rapidly acquire technical skills as they gain experience.

2. Join a Professional Organization

There is strength in numbers. There are myriad professional organizations dedicated to cybersecurity professionals that connect beginner, intermediate and advanced IT experts. Take the time to review organizations such as the Information Systems Audit and Control Association (ISACA), SANS Institute and Information Systems Security Association International (ISSA) and submit your company for a membership. Whether you’re exploring a career in cybersecurity, honing your technical expertise or already a seasoned security executive, these organizations can help you keep abreast of industry trends and developments.

3. Share Best Practices in a User Community

Many companies that sell software and services within the cybersecurity industry are now focusing on supporting their client base via community efforts. A community enables you to collaborate with subject matter experts and interact with a network of your peers. After all, no one company can tackle cybersecurity alone.

Community engagement provides a unique opportunity to have a meaningful dialogue with clients and continuously support them in the cybersecurity challenges they face every day. These communities allow organizations to establish a stronger, more authentic connection to their client base, empower clients with educational resources, and champion cybersecurity professionals and their work. If done right, you’ll generate more loyal customers who see increased value from your products and services. One year ago, we created the IBM Security Community, and the results have been nothing short of inspiring.

Building Cybersecurity Skills for the Future

Organizations face a daunting task in the fight against cybercrime, and education, mentoring and community efforts are becoming part of a core strategy to help meet these obstacles head-on. Instead of perpetuating the vicious cycle of poaching what little top-tier cyber talent other organizations have, efforts to build skills and develop candidates from within will benefit not only the companies that invest this time and effort in their own resources, but also the cybersecurity industry at large for decades to come.

Join the IBM Security Community

More from CISO

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

2 min read - Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last…

2 min read

Do You Really Need a CISO?

2 min read - Cybersecurity has never been more challenging or vital. Every organization needs strong leadership on cybersecurity policy, procurement and execution — such as a CISO, or chief information security officer. A CISO is a senior executive in charge of an organization’s information, cyber and technology security. CISOs need a complete understanding of cybersecurity as well as the business, the board, the C-suite and how to speak in the language of senior leadership. It’s a changing role in a changing world. But…

2 min read

What “Beginner” Skills do Security Leaders Need to Refresh?

4 min read - The chief information security officer (CISO) was once a highly technical role primarily focused on security. But now, the role is evolving. Modern security leaders must work across divisions to secure technology and help meet business objectives. To stay relevant, the CISO must have a broad range of skills to maintain adequate security and collaborate with teams of varying technical expertise. Learning is essential to simply keep pace in security. In a CISO Series podcast, Skillsoft CISO Okey Obudulu recently said,…

4 min read

The Needs of a Modernized SOC for Hybrid Cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

5 min read