This Leap Day, let’s jump into action to address a critical challenge in tech: the widening gap in cybersecurity talent. With new tools, technologies, and complex cloud environments, the demand for skilled security professionals is higher than ever. However, finding people with the right skills is a challenge for many companies. According to a recent report from ISACA, 71% of organizations have vacant cybersecurity roles, and the gap is even wider for senior positions. This situation highlights the urgent need to find better ways to attract, train, and keep cybersecurity talent. It’s Leap Day, so let’s use the extra day to start implementing some of these strategies. 

1. Leverage AI and automation

Use technology to optimize processes and ultimately free up human talent for more complex challenges. “If you take artificial intelligence that can analyze a lot of data, that can streamline a lot of different tasks,” eSentire CISO Greg Crowley said on the Code to Cloud podcast. Take advantage of AI to automate routine SOC tasks, such as log analysis and alert triaging, which can help manage the volume of data and alerts more efficiently.

2. Broaden hiring criteria

Consider hiring candidates with unconventional educational backgrounds such as those with degrees in fields not directly related to cybersecurity but who have demonstrated a passion and aptitude for technology. “The most successful people I know in security are ones who come from a nontraditional background…But they are willing to learn, open-minded, very intellectually curious,” Frank Wang, Lead Security Engineer for Headway, said. 

3. Value soft skills

Cybersecurity is both a technical and human challenge. The ability to communicate complex security concepts to non-technical stakeholders, lead teams through crisis situations, and collaborate effectively across departments is crucial. “I think a great leader is someone that brings the best out of the people they work around and can influence a positive outcome” Teradata CISO Billy Spears said. 

4. Foster a culture of continuous learning

Promote professional development and continuous learning through training and certifications. Encourage and designate time for your team to complete free online security training like the coursework provided by major cloud providers. This shows you are committed to their growth. 

5. Facilitate mentorship

Encourage mentorship to accelerate professional development and build a supportive environment. Julie Chickillo, VP and Head of Cybersecurity at Guild said that being open to mentoring and supporting various groups —  for example, women in security groups — are great ways to make connections with and support security professionals.  

6. Encourage collaboration and knowledge sharing

Create a collaborative culture where team members feel valued and encouraged to share knowledge.

7. Clarify roles and responsibilities

Ensure job descriptions accurately reflect the roles and responsibilities to attract the right candidates. “When you’re not quite clear about what exactly that you need, or you’re not setting realistic guidelines around the leveling of the role itself, then you are bound to have some shortage. Because you’re not looking for the right people, you’re not tapping into the right groups,” Rohit Parchuri, SVP and CISO at Yext, said. Clarifying the expectations of the roles you are trying to fill will set you up for success. 

8. Prioritize the well-being of your team

Focus on the mental health and well-being of your team to prevent burnout.

9. Adapt hiring practices to industry trends

Stay informed about new practices in cybersecurity to attract forward-thinking candidates. 

10. Promote from within

Identify and develop internal talent for leadership roles to motivate your team and encourage loyalty. “Look for people who are naturally inclined toward security…Maybe you found these people more inclined in the hackathons or maybe they’re reporting certain security things above and beyond their job. Look for them,” Rohit said. “When you do that, you are promoting your internal staff, there’s more internal mobility that’s happening, and you are also gaining a lot of business context from these people rather than hiring from outside. They fit right into the role. The only thing that you have to teach them is the common sense around security,” Rohit said. 

11. Establish a feedback loop

Create mechanisms for receiving and acting on feedback from your team to improve processes and satisfaction.

12. Encourage networking and community engagement

Support team participation in networking events and conferences to foster community connections.

13. Lean on partners

With millions of unfilled security jobs, companies that leverage partnerships for certain security functions can help optimize your team’s focus on strategic initiatives. “Companies are going to have to lean on their partners and their security partners to fill that void,” Greg Crowley said. 

14. Lead with empathy and understanding

Adopt a leadership approach that prioritizes understanding and addressing team concerns.

15. Implement a security champions program

Foster a security-conscious culture across all departments by finding security champions. Pay particularly close attention to development teams. “Security is a unique field where threats are always changing, which some developers find fascinating — figure out who those individuals are and provide security training to them first,” Lacework Global Field CISO Tim Chase said. 

16. Support work-life balance

Encourage a balanced work approach by providing options like flexibility in schedules or remote work options.

17. Utilize gamification for training and engagement

Implement gamified learning experiences to make training more engaging and effective. This approach can improve skill acquisition and retention, making learning a more interactive and enjoyable experience for your team. “Bringing the adversaries or the potential challenges into the day-to-day life environment of the people you want to train, I think is the key part of making education successful,” Sprinklr CISO Gerald Beuchelt said. For example, you could gamify development through capture the flags (CTFs), other hacking contests, or red and purple team exercising. 

18. Align security goals with business objectives

Connect security practices with business continuity to demonstrate the security team’s value. Doing this can elevate the role of security within the organization, create a more fulfilling work environment for cyber teams, and engage talented individuals who are eager to contribute to both security and business success.

19. Recognize and reward excellence

Develop a system to acknowledge outstanding contributions, both in innovation and in day-to-day tasks.

20. Develop customized career pathways

Work with individuals to create personalized career development plans that align with both their own goals and the organization’s needs.

21. Enhance onboarding processes

Effective onboarding is crucial for integrating new hires into your cybersecurity team. This allows them both better acquaintance with technical aspects and an easier fit with the team’s culture and dynamics. Beyond mere paperwork and procedural walkthroughs, craft an onboarding experience that deeply immerses new employees in the company’s culture, mission, and operational methodologies.

22. Invest in security awareness across the organization

Tangible and relevant cybersecurity awareness campaigns contribute to creating a culture where cybersecurity is valued by everyone in the organization. This cultural shift can make the organization more attractive to potential hires who are looking for environments that prioritize security as part of their operational ethos. 

23. Monitor industry compensation trends

Regularly review and adjust compensation structures to remain competitive and fair in the fast-evolving cybersecurity market.

24. Implement a talent scouting program

Develop a program to identify and engage potential cybersecurity talent early, such as through partnerships with universities, coding bootcamps, or cybersecurity competitions.

25. Offer cybersecurity scholarships or internships:

Provide scholarships or internship programs to promising students in cybersecurity fields. This not only supports the education of future professionals but also creates a pipeline of talent directly aligned with your organization’s needs.

26. Promote cybersecurity as a career path internally

Educate your broader workforce about the opportunities and benefits of a career in cybersecurity. You may have potential talent in other departments unaware of the possibilities within the cybersecurity domain.

27. Participate in and sponsor cybersecurity competitions

Engage with the cybersecurity community by participating in or sponsoring hackathons and cybersecurity competitions. This not only raises your profile among potential recruits but also keeps your existing team engaged and sharp.

28. Provide access to cutting-edge tools and technologies

Equip your team with the latest cybersecurity tools and technologies. Access to state-of-the-art resources not only aids in attracting top talent but also in retaining them by enabling continuous skill development and engagement with their work.

29. Be approachable

As a leader, being accessible and ready to answer questions from your team (and others interested in or curious about cybersecurity) can help create a culture of transparency and trust. 

Closing the gap: Your next step

Navigating the cybersecurity talent gap is no small feat, especially with the skills shortage at an all-time high. Starting with just a few of these tailored approaches can make a big difference for your organization.

If you’re on the lookout to break into the cyber industry or searching for a new role that matches your skills and ambitions, our community job board is your go-to resource.

To stay up to date with the latest security industry trends, technologies, hiring strategies, and more subscribe to our Code to Cloud podcast.

Categories

• Blog
• Cloud Security
• Lacer Life