Recruitment Challenges Continue to Plague Cyber Security

Recruitment remains a major problem for cyber security departments, and there seems to be no easy solution. One difficulty is that the issue is described in vague terms and throw-away statements: there’s a skills shortage; there are too many vacancies and not enough candidates; cyber security isn’t promoted as a worthwhile career in schools.

All of these are only partly true; and none offers a solution. Consider the ISACA/RSA Conference report titled State of Cybersecurity 2016. 461 cyber security managers and practitioners were asked, among many other questions: “What are the most significant skills gaps you or your organization sees among today’s cybersecurity/information security professionals?”

Knowing that there is a skills gap, one might expect ‘security technical skills’ to be the most popular response. It was not. The primary skills gap lies in the ability of candidates to understand the business (75%). A lack of technical skills scored only 61%; equal, in fact, to another non-technical issue – poor communication.

The reality of cyber security today is that the profession is changing. Technical ability is no longer the prime requirement – rather, it is the ability to align security with business and to communicate security issues to completely non-technical business leaders. To a certain extent, technical skills can be taught ‘on the job’ – soft skills are largely inherent in the person.

However, understanding the true nature of the skills gap still doesn’t help the security department struggling to fill its vacancies. The same ISACA/RSA Conference report shows that fully 28% of vacancies remain unfilled for six months while only 8% are filled within one month.

Again, such broad-brush statements hide the reality: some companies can fill vacancies rapidly, while others will always struggle. For example, small companies in tech-concentrated localities will struggle in the face of higher salaries offered by larger companies. In reality, the smaller companies may be the better employers, since they are forced to make their positions and companies better places to work.

Similarly, large companies can poach staff from smaller companies through better pay packages. So to a certain extent, the pool of existing specialists is continually recycled rather than the large companies taking the responsibility to bring in and train new talent.

None of this changes the reality: for most companies security recruitment is a problem. To solve this, they have to be imaginative. One example is to recruit from within, but ahead of the expected need. That way the right attitude can be recruited, and the right technical skills can be developed.

Referral programs can also be successful – and they are more successful where a decent referral bonus is on offer. But one of the most successful routes is to develop a solid intern program, preferably with a local higher education establishment. Mentoring interns provides an immediate resource. The internship should still be paid, but would cost less than a full-time employee.

During the time the interns are still at college, they can be trained into security specialists. Both sides get a good look at the other, with a good probability of an experienced, motivated and fully acclimatized employee at the end.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
