The threat posed by cybercrime has been likened to a new type of warfare that threatens not only the revenue streams of businesses large and small, but also the critical infrastructure of nation states. In this new arms race it is the cybercriminals that are winning, not by virtue of their ability to recruit the most talented hackers, but through the failure of their targets to deploy enough skilled individuals to mount an adequate defence.

In this article, Rob Phelps of Cybersecurity Jobs looks in detail at the mounting recruitment crisis in cybersecurity and what can be done to address it.


The Scale of the Problem


With 1.5 million cybersecurity jobs expected to be unfilled by 2020, according to a report by Frost and Sullivan, the crisis in cybersecurity recruitment is leaving businesses and governments increasingly vulnerable to attack. Other studies, such as one from the Information Systems Audit and Control Association (ISACA), put this figure as high as 2 million by as early as 2019. To put this into context, there were an estimated 209,000 cybersecurity posts unfilled in the US in 2015, according to the Bureau of Labor Statistics. That’s a lot of weaknesses in a lot of companies’ IT security.


The problem is inescapable whatever study you cite, but why, in such a fast-growing industry (expected to be worth $101 billion by 2020), is there such a shortage of talent? There is no simple answer to this question: many social, cultural and political factors come into play, and the issue is tied to wider questions around global geopolitics and information sharing between states and organizations. One of the big drivers, though, is the failure of governments and businesses to recruit from a wider talent pool. By opening the door to individuals without a traditional technology background, security firms and departments could begin to tap into an entirely separate talent pool, outside that of traditional tech qualifications and experience.


Many skills found in cybersecurity professionals, like curiosity, a forensic attention to detail and strong ethics, aren’t those that can be taught in a classroom and aren’t exclusive to those with a traditional cybersecurity or even IT background. Whilst gateway courses and apprenticeships will be needed to bring these individuals into the industry, the potential for plugging the recruitment gap is real. 


What can Businesses do?


There are a number of things businesses can do to prepare for the problem and future-proof their own cybersecurity. IBM is already taking big steps in this area by introducing ‘new collar’ jobs that prioritize requisite skillsets and willingness to learn over degrees and education. 20% of the company’s US recruits in cybersecurity now come from their new collar programme.


But the problem isn’t limited to large multinational tech companies like IBM. Organizations of all sizes and across all sectors can take steps to prepare for the future, get highly talented cybersecurity individuals in post and protect themselves from data loss. These include:


  • Re-evaluate workforce strategy: Your hiring programme should reflect the skills required in the future as well as today. Be aware that this talent can come from a variety of places outside of the usual educational pathways, recruitment programmes and career fairs. 


  • Build local networks: Information sharing doesn’t have to mean breaching data security. Working in local, regional and even national networks to help educate and raise awareness around key areas of concern is an important social and community role for an organization to play. Building interest in students from a young age is also important in inspiring the next generation, so involvement in local schools and colleges also needs to happen.


  • Mentor and rotate new recruits: With data crucial to almost every aspect of a modern business, cybersecurity can’t exist in a departmental vacuum. Support and nurture new recruits by exposing them to different areas of the business so they can work on different projects and find where their skills are best applied.


  • Continuing professional development: Cybersecurity is constantly evolving, so it’s important to invest in upskilling and training your team, whilst keeping the door open for employees looking to move into this area internally.

Finding a Job in Cyber Security


For those with a technical background or even just an interest in the field of cybersecurity, there are many paths into the sector. Make no mistake though, cybersecurity is a complex field that requires strong technical knowledge and many years of training and experience to progress in. An existing career in IT is preferable and can be used as a base to get a more rounded knowledge that encompasses cybersecurity.


The first step is to research the discipline and work out a career path that gets you to where you want to be. Training and certification are then useful ways of opening doors in this field and getting onto the first rung of the ladder. The CEH (Certified Ethical Hacker) and the Global Information Assurance Certification GPEN (Certified Penetration Tester) are two recommended in the UK. In the US, check out the information on the NICCS website.


Once you have enough experience, you should look at apprenticeships, internships and work experience as a way of gaining employment. It’s not easy, but the rewards and remuneration of a successful career in cybersecurity are considerable. One thing that you can pretty much bank on, though, is that job scarcity isn’t going to be a problem.