The cybersecurity space is in dire straits. Hackers are getting smarter and more sophisticated…and the availability of skilled men and women to combat them has never been lower. It’s an issue that’s been slowly growing worse year over year, yet there’s no clear solution in sight. What’s a business leader to do?
The good news is that there’s never been a better time to be a cybersecurity expert.
That bad news is that it’s because the market for cybersecurity professionals has never been tighter. As noted by Gartner senior research analyst Sam Olyaei, the unemployment rate for men and women with cybersecurity expertise is almost zero. There are more jobs than there are people to fill them; this skills gap is going to get worse before it gets better.
“If you’re a cybersecurity professional with any kind of skill set, you already have a job and multiple offers on the table,” Olyaei explained at last year’s Gartner Security & Risk Assessment Summit. “The talent shortage is here and it’s here to stay. It’s not going away, so we can either confront it or be left behind and lose our seat at the table.”
Therein lies the problem, though. How exactly does one confront it? After all, as a small business, you might not necessarily even have the necessary budget to hire a dedicated cybersecurity professional.
Here’s the thing, though – you need to do everything in your power to make the funds available. Large data breaches might make more headlines, but small businesses are targeted and successfully hacked far more often. Criminals know that a lot of smaller organizations don’t have big cybersecurity budgets.
That’s why 58% of malware victims are small businesses. It’s why 61% of small businesses experienced a cyber attack in 2017. And it’s why attacks against small businesses are gradually becoming more sophisticated and damaging.
Because criminals know there’s money in it.
The good news is that you don’t need a multimillion-dollar cybersecurity budget to protect your data, workers and customers. Just offer your IT professionals a decent wage – and rethink how and where you look for cybersecurity professionals.
Here’s how: revisit your hiring practices. Instead of focusing on things like degrees or certifications, hire based on skill, talent and personality. Certifications can always be acquired – but if you mandate that they’re a necessity for a particular position, you’re cutting out an entire subset of nontraditional candidates who could be a great fit for your team.
- Re-evaluate your recruitment model. Speaking of nontraditional candidates, what pools are you hiring from? The computer science department at your local university is a great place to look, sure – but the people studying there are being courted by multiple businesses already. Instead, look in new places like different degree programs such as music or mathematics at community colleges, private technical schools and so on.
- Examine your job listings. Look at the listings you’ve posted on job boards and ask yourself one simple question: if I were looking for a career in cybersecurity, would I apply to this company? If the answer’s no, you’ll need to do a few things.
- Adjust your job titles to make them more accurate and enticing.
- List only the minimum requirements for a position – There’s no sense putting forth a laundry list of qualifications that you don’t actually need, as this will only serve to alienate prospective applicants.
- Think about the perks of working for your company. Your goal here is to convince candidates that your business is a great place to be – a dry, by-the-numbers posting that focuses entirely on responsibilities isn’t going to achieve that.
- Seek partnerships. Partner with business leaders like universities, government organizations and academic programs. The more partnerships you form with such organizations, the more opportunities you’ll have to track down new talent. Don’t stop there, either – consider also partnering with other businesses in your industry; yours isn’t the only organization suffering from the talent shortage, after all.
- Incorporate training programs for new hires. After hiring a non-traditional employee, your first goal should be to get them up to speed on what they’ll be doing (and what they’ll need to do). For that reason, training that helps them learn the ropes engages them with your organization and helps them learn and refine their skills are a must. Treat these workers as investments, not resources.
Beyond your hiring process, there are a few other steps you’ll want to take to make your business more appealing to prospective hires. The most important is your company culture. Your business should be a fun place to work – a place where growth, excellence and expertise are encouraged and rewarded. Sit down with your organization’s leadership and discuss how you might improve company culture.
And focus on appealing to millennials – they’re at the core of solving this problem.
Last but certainly not least, automation is key here. There are plenty of manual tasks and responsibilities that can easily be pushed to security software. The last thing you want is for your talent to end up working on boring, manual tasks that are a waste of their abilities.
You want them free to focus on more important stuff.
The looming talent shortage in cybersecurity isn’t going away. But it’s also not an insurmountable challenge, even for smaller businesses. By revisiting your hiring process, promoting a better company culture and leaning more into automation, you can get rid of the elephant in the room and focus on protecting your business’s most valuable assets from those who would do it harm.
About the Author: Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.