Across all industries and organizations of all sizes, the cybersecurity skills gap continues to pose challenges. Changes to the economy and to the workplace due to the COVID-19 pandemic are compounding the problem.
As the concept of remote work becomes the norm and infrastructures become more distributed, the need for IT professionals with up-to-date security skills and knowledge will only grow. A recent survey by security provider Fortinet, conducted prior to the pandemic, found that 76% of respondents agreed that the skills shortage has created additional risks for their organization.
More than ever, organizations need to be creative in addressing the cybersecurity skills gap. This means expanding talent searches and diversity efforts—including looking to students, veterans and women to help fill these roles.
Here's how to close the skills gap with your untapped talent.
Draw more women into cybersecurity
The gender disparity in cybersecurity is significant. Women account for half of the total population and workforce worldwide but only 24% of the cybersecurity workforce, according to the 2019 Women in Cybersecurity report from ISC², which provides security certifications.
Organizations are missing out on the higher performance that a diverse team brings. This documented fact, in conjunction with the ongoing skills gap, creates the opportunity to solve two problems at once: Providing a valuable career for women, and helping organizations create stronger, more diverse cybersecurity teams.
Women bring broader skill diversity to cybersecurity roles. Seventeen of the 20 top skills employers require in their job descriptions for CISO placements are soft skills, which women list on their resumes 52.5% more often than men do, according to other research by Fortinet. Soft skills include leadership, interpersonal communications, personal characteristics, and analytical ability.
Further, gender-diverse teams make better decisions 73% of the time versus 58% of the time for all-male teams, according to the same research.
In recent years, companies have shown a stronger desire to increase diversity in their hiring practices. Collectively, organizations must move forward more aggressively on that desire by adopting more focused and inclusive recruiting strategies to hire more women into critical cybersecurity roles.
The untapped potential of veterans
In addition to gender diversity efforts, organizations can also look to our nation's veterans. More than 250,000 service members will leave active duty every year for the next several years with an average of 15 years of specialized experience under their belts.
Organizations are starting to take advantage of this potential workforce. Among respondents, the 2019 survey found, 57% indicated that their cybersecurity team had hired at least one veteran. But there's more to be done.
Though there are veterans in cybersecurity workplaces and in executive management, just under half (49%) of respondents reported that their organizations have a focused hiring program targeting veterans.
Organizations that are actively recruiting veterans have benefited from a team with diverse perspectives and technical skill sets that complement a career in cybersecurity. Interestingly, 43% of US respondents reported that at least one C-suite executive at their firm is a veteran or a military spouse. These executives tend to have a long tenure at their companies, with 80% having served for five years or longer.
This is an illustration of the caliber of worker that can come from a military background. When asked about stand-out attributes of their veteran colleagues, more than 40% of respondents cited their work ethic, situational awareness, attention to detail, and ability to work in fast-paced, high-stress environments. In open-ended questions, respondents noted several additional positive attributes in their veteran colleagues, including decision-making abilities, discipline, and a can-do attitude.
The statistics demonstrate that cybersecurity leaders value the veterans and military spouses that work in their organizations. However, it is also clear that with a more deliberate effort at the corporate level, organizations could benefit even further from the broad and deep skill sets of veterans—further narrowing their cybersecurity skills gap.
Start at the beginning
Building the talent pipeline for cybersecurity also means starting earlier—with programs through high schools, colleges, and universities, along with apprenticeships and internships, as well as individuals working with nonprofit organizations. The goal is to ensure that participants gain the knowledge required to become part of an elite group of skilled security professionals.
Organizations should work with the public education sector to incorporate training and certification programs at the pre-career level. Cybersecurity providers, in particular, have both a responsibility and an opportunity to help close the skills gap with this kind of public-private partnership.
These programs will help shape the next generation of cybersecurity professionals by providing training that benefits both individuals and the security sector.
New methods for new results
As the workplace continues to shift and organizations confront ongoing uncertainty, they must also deal with how to fill in the gaps in their cybersecurity teams in a tight market. The fact that this gap has persisted so long proves that traditional attempts to address it through recruiting have not been entirely successful.
You need a new way of thinking about how to prepare individuals for the cybersecurity field—and you need to look for new kinds of individuals. Research demonstrates that women and veterans are excellent recruiting choices. In addition, teaching people as early as possible with agile, right-now training can help to fill your pipeline.
Keep learning
Learn from your SecOps peers with TechBeacon's State of SecOps 2021 Guide. Plus: Download the CyberRes 2021 State of Security Operations.
Get a handle on SecOps tooling with TechBeacon's Guide, which includes the GigaOm Radar for SIEM.
The future is security as code. Find out how DevSecOps gets you there with TechBeacon's Guide. Plus: See the SANS DevSecOps survey report for key insights for practitioners.
Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.
Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.