Cybersecurity Talent Shortage – or Opportunity?

Three ways to start nurturing a cybersecurity talent pool for a secure future.

More than 1.5 million cybersecurity positions will go unfilled by 2020, according to a recent report, and demand grows by the nanosecond. While security spending is expected to surpass $100 billion – and the cost of cyber crime is expected to top $2 trillion – in that span, companies worldwide are still struggling to find people to fill these roles.

But new approaches to developing cybersecurity skills raise the question: are we facing a talent deficit or an opportunity?

Some organizations are responding to the world’s cybersecurity shortfall by looking at the problem from a different angle (as any good cybersecurity sleuth would). IBM, for example, is fighting back with what it calls “new collar” jobs, positions that emphasize problem-solving skills and willingness to learn over traditional degrees.

A new (collar) perspective on cybersecurity talent

IBM’s general manager of security, Marc van Zadelhoff, recently said that personal traits becoming of a security professional, like curiosity, ethics and understanding of risk, can’t be taught in school. Technical skills that college degree-holders bring to the table, however, can be picked up via training on the job, certifications and community college classes.

These factors suggest that we might not have a talent shortage; we simply aren’t considering our possibilities.

Security threats don’t look or act the way they did ten, five… two years ago. So, why do our cybersecurity professionals?

Not your typical security hero

Case in point: WannaCry was crippling systems across Europe and Asia until a 22-year-old U.K. cybersecurity researcher stumbled upon a kill switch that halted the ransomware attacks.

Take a look at Marcus Hutchins’ blog post on how he “accidentally” stopped a global cyber attack and be sure to note: this isn’t a credentialed corporate security professional. Some might call him a hobbyist. He’s a curious wiz exploring an international virus via test environments on servers he maintains in his room at his parents’ house.

It turns out viruses don’t check your degree type at the door. Yet hiring managers continue to do just that.

Tweet: “Security threats don’t look the way they did 10, 5… 2 years ago. Why do our #cybersecurity pros?”

No time to stand pat

The year 2020 will be here faster than you can say WannaCry ten times fast. How many of the 1.5 million unfilled cybersecurity roles will your company be coping with?

Consider three ways you can start nurturing a talent pool now to secure your company’s future:

1) Reconsider your workforce

While it’s innovative, what IBM is doing isn’t proprietary. It’s a different perspective – by a company that can’t afford being shorthanded (in numbers nor skills) on security. What if we all upgraded the way we look at cybersecurity talent and considered a wider range of skills and experience types?

Keep in mind: this isn’t a downgrading what to look for in cybersecurity professionals. It’s a matter of sharpening focus and developing talent for tomorrow’s security problems.

2) Train, train, train

Four-year degrees might not be essential for cybersecurity professionals, but training is. In fact, continuing education and training for your cybersecurity team will not only be pivotal to attracting and maintaining top talent but keeping your company ahead of threats.

It’s also never too soon to connect with early training programs, like P-TECH, that begin developing security skills in high school. That’s what we call a talent pipeline.

3) Partner with staffing pros

Building a legit talent pipeline that will keep your cybersecurity team staffed into the future not only requires access to a large talent pool but a keen understanding of your business and the security industry. It’s not one-size-fits-all.

Working with a staffing firm that not only understands your business needs but knows the landscape of cybersecurity talent and threats can be a powerful and efficient way to assemble your team – and project what you’ll need into the future

Have questions or feedback on how to address the current state of cybersecurity talent? Tweet @swoond with #SwoonOnSecurity to spark the conversation.