The cyber security skills gap was a problem prior to the pandemic. In a survey of 342 security professionals released in early 2020, Tripwire found that 83% of security experts felt more overworked going into the new year compared to how they felt at the start of 2019. Tripwire asked respondents to elaborate on that sentiment. In response, almost the same proportion (82%) of survey participants said their teams were understaffed, with 85% revealing that it had become more difficult for them over the past few years to hire skilled security professionals.
These findings raise the question: has anything with the skills gap changed since the pandemic?
Developing vs. Retaining Cyber Security Talent
In a 2021 report, Hays US reveals that organizations are still struggling to fill their demand for cyber security talent. Three in five respondents told the specialist recruitment firm that they found it difficult to recruit skilled cybersecurity personnel. In addition, many organizations cited insufficient funding as one of their top cyber security challenges in Hays’ report. This finding indicates that at least some organizations might be facing obstacles other than a small talent pool when it comes to hiring for their cyber security needs.
The good news is that organizations can expand the number of potential applicants by looking to cultivate cyber security talent within. Hacker and AppSec advocate Alyssa Miller agrees. As quoted in another blog post:
The fact is we have to start looking internally. We have to start looking at which folks within our organization have a desire to expand their skills into security. We should start looking at how to develop those people, how to enable them, how to provide training and how to provide them with opportunities that show what they can do in security.
The bad news is that organizations are struggling with this course of action, as well. Hays US found that just 55% of organizations felt capable of developing cyber security talent. Even fewer (39%) said that they could retain those staff members once they acquired them.
Tackling the Cyber Security Staff Retention Issue
Organizations need to be able to retain cyber security personnel if they are going to address the skills shortage discussed above. Towards that end, they can follow some of the recommendations provided by Hays in its report. These include the following:
- Get involved in the cyber security community: Cyber security isn’t a monolith. It’s a diverse community that’s full of people with different origin stories and specializations in the industry. With that in mind, organizations might consider engaging the cyber security community more generally by holding local security events or meet-ups. This can help them to network with local experts who might be looking for a job. It can also incentivize cyber security professionals to stay on the payroll by providing them with a space of ongoing learning, networking and engagement right in their own workplace.
- Offer upskilling opportunities: Perhaps some organizations feel limited in their ability to develop and retain cyber security talent due to a lack of expertise. Fortunately, organizations don’t need to be responsible for creating the upskilling content themselves. They can instead partner with many respected IT security training providers to help their employees get the security skills they need. Organizations’ cyber security professionals can then leverage those same resources to keep up with their certifications and to learn about some of the newest digital security technologies.
- Partner with educational institutions: Higher education institutions are key to filling the cyber security skills gap. Recognizing this, organizations can partner with colleges and universities to help give cyber security students the experience they need to succeed in their careers. By offering internships specifically, organizations will give budding security personnel an opportunity to see what it’s like working for them before they’re hired. Knowing what to expect helps graduating students to make more informed decisions about where they want to work when it comes time to find a job.
- Re-evaluate the requirements of the role: Sometimes, it’s not a lack of talent that’s preventing organizations from fulfilling their cyber security needs. It could be misaligned expectations for the role in question. That’s why it’s important for organizations to challenge their assumptions when they’re looking to fill a role. They could do this by considering whether some of the skills they’re looking for can be found in a different type of role or whether relevant work experience can suffice for security qualifications.
Lastly, organizations can improve their retention rates by outfitting their cyber security professionals with solutions that make their jobs easier. Tripwire’s solutions do this by using automation to free security professionals from needing to perform the tedious security and compliance tasks that commonly lead to burnout, for instance. They can then spend their time on more important things that make a meaningful contribution to their employer’s security.
Learn more about how Tripwire can help your organization address the skills gap here.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.