If you have found your way to this blog you probably already know the situation. Probably a million cyber jobs needed. The record number of cyberattacks show no signs of slowing. And as these threats evolve, so will the need for advanced cyber defenses. To implement, monitor and analyze the data of these services will require an influx of talent.
It’s not an overnight transformation, but takes years of analysis, learning different systems, and understanding how malware, phishing scams, and various threats evolve. So, building new skills for existing employees is vital, but sadly, it won’t be enough and can’t be done fast enough to meet existing threats. Moreover, while organizations may be dealing with any number of threats in real-time, they also need to look ahead to future needs. Building a diverse pipeline of talent will bring in new perspectives and make the security team stronger.
Today’s culture of security will only be as strong as tomorrow’s talent. And as the talent gap continues, companies need to get creative about how and where they find the next cyber expert. This could be achieved by partnering with local schools and funding more science, technology, engineering, and mathematics (STEM) programs, creating more internship or apprenticeship opportunities for early talent, or launching a robust upskilling or retraining initiative internally.
More proactive students or early career practitioners may seek out online courses to learn more about cybersecurity career paths. The SAP Cybersecurity Virtual Internship Program offers modules to dig in to password security, identify and target phishing attempts, and analysis of systems and identity as one example. Courses like this can give job seekers a taste of what a career in cybersecurity may look like.
Cyber Recruiting Is Different
Of course, hiring new employees from the outside has to be the most urgent priority while these longer term programs gain traction. This route is also fraught with pitfalls too. For instance:
- How do you show up? – All IT tech jobs are challenging because there is always high demand. However, finding cybersecurity talent is much harder. The demand (as you already know) is in uncharted territory and may be responsible for the most IT jobs of this type in history. It is a sellers market and trying to get the attention of top cyber talent is sometimes nearly impossible. Further, if you are Netflix or Bank of America, you may be fine. If you are a law firm or a food distributor (for example) you may not be able to “show up” amongst a sea of employers.
- Job Boards probably won’t work. The talent on job boards should make you question why they are on a job board. There are so many jobs for good cybersecurity talent that resorting to job boards seems suspicious. This is not always true, of course, but you should be wonder why at the very least and drill down on that aspect during pre-screening. Are they damaged somehow? Do they have performance problems? Are there ethical concerns? Are they in over their head technically? Are they difficult to work with in teams? There may be perfectly good explanations but in my experience there is probably some sort of problem. This applies to cyber jobs and not is universally true for other job categories.
- Probably not currently looking. The best talent is not looking for a job. They are heads down trying to defeat the cyber bad guys and probably at their physical and mental limits – many working more than 60 hours per week. If they are looking there may very well be a reason that you do not want to inherit.
- Usually not about the money. Contrary to what you have been lead to believe, it is not about the money. Whether your cyber talent is happy and likely to stay with you for a while depends on: 1) What technologies they are able to get exposure with, 2) What is the quality of other cyber talent in your organization and can they learn and be challenged by these employees, and 3) The quality of the cybersecurity policy your organization pursues. Said plainly, are you pursuing goals that look good to the uninformed (top brass and Board members) or goals that rationally protect the organization. Top talent can plainly see the difference so policy, capital investment, and the other talent you hire says volumes that speak louder than just dollars.
- Recruiter Not A Dirty Word. Many organizations do not use recruiters due to the expense associated with them placing top talent. Make an exception for cybersecurity jobs and do it now. Moreover, don’t waste time with recruiters that don’t know the technologies and the language. You will end up spinning your wheels and having to over-explain things that should be obvious. Speed in getting top talent in place is by far the most valuable resource at play. The fee is worth with in this cybersecurity talent market. You will end up spending more than the amount of the fee in your time and interviewing candidates that don’t have the qualifications you need.
Five years from now, what we currently know as cybersecurity could completely change. As organizations continue to digitally transform and migrate networks and services to the cloud at rapid speed, there will be entirely new security challenges that don’t exist today. Navigating these challenges and architecting new solutions will likely be the legacy of the next phase of security talent – but only if they are set up for success now with the talent you need.