The cybersecurity industry has been experiencing a skills shortage for years. The expanding threat landscape, coupled with the ongoing pandemic, has only exacerbated the problem. A mid-2021 survey revealed that the crisis is expected to continue, with respondents citing employee burnout, increased workloads and unfilled positions as their biggest problems.
The cybersecurity talent crisis is one of the most significant challenges faced by enterprises today. Many companies are hyperfocused on filling job vacancies as they're under pressure to meet security obligations, but this won't do the trick. Enterprises need to build and invest in a strong cybersecurity talent pipeline to meet both present and future needs.
To bridge the cybersecurity skills gap and set themselves up for success in the future, organizations must do the following five things.
1. Pick potential
While technical skills and expertise are desirable, they are not imperative for a role in cybersecurity. Enterprises should consider hiring candidates with aptitude and useful soft skills such as communication, creativity and problem-solving. Organizations should also recruit and train current employees who are keen to make the switch to cybersecurity.
2. Hunt for the best
As enterprises continue to rapidly digitize, they are becoming more vulnerable to cyber attacks and struggling to keep pace with the evolving threat landscape. Security teams need to upgrade their skills to out-think cybercriminals who are only getting smarter with time and advancing technology.
Enterprises should look for talent at hackathons and similar competitions that bring the brightest minds together under one roof. Tesla, for example, offered a car as a reward for finding and exploiting vulnerabilities in the vehicle's system. The company also runs a bug bounty program, where it gives away large cash prizes to anyone who successfully hacks its vehicles' computer systems.
3. Go wide
Recruiters need to broaden their understanding of who "fits" in a cybersecurity role. Given the expanding threat landscape, even experienced professionals don't know everything about cybersecurity. In fact, people who understand what technologies an organization has -- and for what purpose -- may be a better fit in the long term due to their well-rounded perspective. People with curiosity and the ability to find problems often perform well in many roles, including those in cybersecurity.
Employing candidates with varying skill sets creates a more diverse workforce. Teams with members from different educational, professional and personal backgrounds view problems through multiple perspectives. This advantage enables teams to create more innovative outcomes.
4. Train throughout
Attackers are always evolving their skills and looking for new vulnerabilities to exploit. The shift to remote work has only aided cybercriminals' nefarious designs. Naturally, enterprises must protect themselves by bolstering their cybersecurity defenses. Beyond investing in better security products, organizations need to update their cybersecurity skills to align with current threats.
Enterprises also need to invest in continuous learning so that employees have the appropriate skills to combat new threats. Encouraging and supporting employees to acquire a cybersecurity certification is another way of updating skills.
Employers can't solve the skills gap on their own. Organizations must collaborate with academic institutions and think tanks to expand training and mentoring opportunities. Vendors of cybersecurity products should contribute by sharing their knowledge to expand the pool of talent.
5. Provide a supporting crew
Security teams need more than just subject matter expertise. They need to understand the role security plays in advancing the business and its interaction with other parts of the organization. The security team must have support from members of business operations, project management and HR. Implementing technology to automate routine security functions can also improve productivity by giving the team more time to focus on mitigating and protecting against threats.
About the author
Vishal Salvi is CISO and head of cybersecurity practice at Infosys. With more than 25 years of industry experience in cybersecurity and IT across different industries, Salvi has extensive management and domain experience in cybersecurity programs, delivery and sales. Prior to joining Infosys, he performed various leadership roles in cybersecurity and IT at PwC, HDFC Bank, Standard Chartered Bank and Global Trust Bank.