Hiring in cybersecurity is always a challenge, but a smart strategy and the right recruiting partner can help your organization. Here’s what should be at the forefront of your mind as your company looks to fill critical roles in IT and cybersecurity.
High Demand for Skilled Workers
The demand for cybersecurity experts has been growing continuously for years. According to research by Cybersecurity Ventures, the number of unfilled cybersecurity jobs has grown by 350% over an eight-year period, from 1 million positions in 2013 to 3.5 million in 2021.
Even more complicated: requirements for cybersecurity and IT jobs change more rapidly than nearly any other field, making it even harder to find a candidate with the right qualifications. Every new technology requires new digital security, and the qualification pipeline can’t always keep up. Add to that the fact that so many cybersecurity jobs require extra certifications beyond “just” a college degree, and it becomes ever more challenging for companies to locate and compete for the right talent.
A Skills Gap Crisis?
CyberSeek, a project supported by the National Initiative for Cybersecurity Education (NICE) as part of the U.S. Department of Commerce, maintains a “heat map”, breaking down where cybersecurity job openings exist, what certifications they’re looking for, and, perhaps most importantly, where the workforce and the job requirements don’t match up.
For instance, as of this writing, CyberSeek reports 94,807 people with the Certified Information Systems Security Professional (CISSP) certification – and 94,175 job openings listing that certification as a requirement. That would mean that nearly every single person with a CISSP certification would have to take a current job opening in order to fill them all. Similarly, there are 37,653 current holders of the Certified Information Systems Auditor (CISA) certification, but 80,685 job openings requiring it – more than twice the number of jobs than people who can fill them. And for Certified Information Security Manager (CISM) jobs, there are 19,110 certification holders, but 55,561 job openings.
These gaps are not exclusive to IT and cybersecurity. In fact, skills gaps and reskilling are major concerns across the workforce as a whole. In a survey of over 500 HR leaders across 60 countries and all industries, Gartner found that the number of skills required for a single given job is increasing at 6.3% annually. Meanwhile, reskilling is vital for many workers: the same research estimates that 29% of the skills in an average job posting from 2018 will be obsolete some time in 2022 (or already are obsolete).
Training for the Future
On the plus side, the tech sector is making big moves to try to address these challenges. Training programs and talent pipelines are becoming a built-in part of strategy for many companies. For instance, Deloitte, under the Deloitte Cyber banner, has put together a train-to-hire program, which creates a sort of “boot camp” environment to train candidates to fill specialized cybersecurity roles that otherwise would have to be filled by a limited pool of certification-holders.
“Don’t be concerned if you don’t have all the certifications or the degrees or the capabilities that you think were historically needed for cyber,” Deborah Golden, Deloitte U.S. cyber and strategic risk leader, told Fortune in June 2022. “Given where the market is today, there’s a need to have greater diversity of thought, and, just candidly, more and different types of skill sets and backgrounds coming to solve.”
Cybersecurity training is starting even earlier, and even the White House is getting involved. In August 2021, the Biden administration announced plans to bolster the nation’s cybersecurity in partnership with tech giants and nonprofits, including:
- Code.org committing to teaching cybersecurity basics to 3 million students, including 2 million K-12 students over the next three years.
- Google announcing it will help 100,000 Americans earn industry-recognized digital skills certificates.
- IBM committing to training 150,000 people in cybersecurity skills over the next three years, including a partnership with more than 20 historically black colleges and universities (HBCUs) to diversify the cybersecurity workforce.
- Girls Who Code establishing a micro-credentialing program for historically excluded groups in technology.
Even beyond training, hiring today in the cybersecurity field is incredibly competitive. Individuals with the qualifications to fill these roles have their pick of job offers, meaning that companies looking to attract and retain top talent will need to step up their offerings. This means the basics, like competitive salary and great benefits, but it’s also about the day-to-day things that make a job great – or that send employees and candidates into the arms of the competition. Investing in a great culture, with a true sense of belonging, the possibility of advancement, and a positive workplace can truly set an organization apart, especially in the high-stakes and high-stress world of cybersecurity.
By Daniel Midoneck