Help Wanted: How to Think Creatively to Fill the Cybersecurity Skills Gap

It’s a matter of supply and demand. As in, the supply of cybersecurity professionals in the United States – and actually worldwide – is much lower than demand calls for.

The (ISC)² 2021 Cybersecurity Workforce Study reveals 700,000-plus cybersecurity pros joined the field in 2021, which is great news. Yet the gap equates to 2.72 million people worldwide.

Further, Cybersecurity Ventures predicts 3.5 million cybersecurity job openings in 2025 – a sure sign trouble is brewing since this indicates many organizations’ critical assets will be inadequately defended against cyberattacks and other security breaches. In fact, the publication states the “U.S. job market reflects a global supply and demand problem around recruiting candidates with cybersecurity certifications.”

Bottom line: The shortage of cybersecurity personnel is here to stay for a while. Therefore, it’s time to get creative and look beyond white-collar employees only.

Consider, instead, an innovative new-collar, approach.

Look beyond traditional college degrees

What does this mean? The new-collar approach focuses on proficiencies that could be honed through hands-on experience and professional certifications. Although you might prefer hiring people with a four-year college degree at a minimum, it might be time to loosen those requirements to fill open cybersecurity positions.

Some big corporations are taking note and helping out in creative ways. For instance:

• Microsoft has launched a campaign in conjunction with U.S. community colleges to help place 250,000 folks into the cybersecurity workforce by 2025.

• IBM will train 150,000 people to work in the cybersecurity field in the next three years. Its program includes partnering with historically Black colleges and universities to launch leadership centers to nurture an increasingly diverse workforce.

• Google plans to train 100,000 Americans for jobs related to data privacy and security, made possible through the Google Career Certificate program.

Clearly, companies are looking outside the traditional four-year bachelor’s degree program to make a dent in the cybersecurity personnel deficit.

Richard Branson, Mark Zuckerberg and Steve Jobs are among the brilliant minds of our time who either never went to college or dropped out. Not that we condone dropping out of school, but you get the drift. A degree isn’t the only ladder to success.

The new-collar approach focuses on sharpening skills through firsthand experience and professional certifications, such as the Google one listed above.

Or, think about former military personnel, who are trying to find their footing after leaving the service. Many of them have soft skills like proactivity, analytical thinking and problem-solving. They could be great at defending a company’s digital infrastructure.

Bring AI and ML into the picture

Look to invest in technology like advanced artificial intelligence (AI)- and machine learning (ML)-powered security solutions to help manage more mundane, day-to-day security tasks when security personnel are scarce. AI and ML enable you to fill critical voids by automating manual processes and threat alerts.

ML supports things like behavioral analytics and detects threats buried inside interrelated data. AI discovers threats and delivers insights into their origins. In fact, AI-powered security technology can help organizations improve their security posture by detecting ongoing or impending attacks, which can help ease the burdens of your security staff.

Many companies rely on a combination of artificial and human intelligence and often look to external cybersecurity solutions providers for help.

For example, some cybersecurity solutions partners provide a team that monitors security alerts 24/7/365 to provide a human element to automated processes. Others rely on a third-party security operations center (SOC) to monitor and analyze their security systems and respond to cybersecurity incidents on their behalf. Having such a provider by your side can help you and your security staff sleep at night by knowing your cybersecurity needs are covered.

Deepen the bench with relationships in education

DefenseStorm ensures we have a steady set of candidates that we can recruit from by partnering with a local university.

We have partnered with the University of North Carolina Wilmington campus for two years and provide a cybersecurity internship program that supports the training of future cybersecurity professionals.

This partnership helps both the next generation of cybersecurity professionals with real-world experience in our SOC, but also gives DefenseStorm a regular flow of recent graduates (that happen to have some real-world experience) as potential candidates to recruit. This is a strong win-win for both sides!

Cover your assets by minding the gap

Stéphane Nappo, vice president and global chief information security officer, Group SEB, once said, “It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.”

The cybersecurity skills gap will be around for a while. And filling that gap goes beyond employing new people with new skill sets. It’s about you and your team thinking creatively and producing new ways and new people for solving complex cybersecurity problems.

Remember that cybercriminals get craftier by the minute. As such, financial institutions like yours need to do the same.