Cybersecurity, the protection of online systems and documents is well on its way to having a crisis. There are currently more jobs available than there are qualified people to fill them. Research and general opinion both agree that this issue is likely to become steadily worse over the next few years.
One of the clearest signs of the impending issue was visible at the recent Black Hat Cybersecurity conference. There were at least fifty companies looking to recruit personnel and the majority of the scouts there were clearly desperate enough to approach anyone with some cybersecurity knowledge to submit a resume for them to assess.
In fact the problem is becoming so bad that many of the recruiters are being approached by firms to see if they want a better job. Poaching is becoming the norm as the qualified technicians pool rapidly drops in comparison to the number of jobs available. This problem is made worse by the fact that many companies are reluctant to make funds available for this crucial part of their business. In fact, less than ten percent of companies currently invest enough money into cybersecurity training.
Improving the process
It has been shown that many of the companies already recruiting additional technicians would have more success if they simplified the process. A cybersecurity position should be advertised in the broader context of the company to confirm the recognition of the role. It is also important to be upfront regarding the benefits which come with the position. This approach will ensure the people who are qualified know exactly what is on offer when they first consider the role and will make it more likely that they will apply; even if they are already working for a competitor.
The development of the crisis
Until just a few years ago security was always handled by the Windows administrators. It was seen as part and parcel of the same job. However, cyber attacks have become increasingly common and far more sophisticated. This has led to the need for specialist departments to deal with these threats and people are simply not receiving the training quickly enough to fill the gap in the market.
Helping to avert the crisis
Although the lack of qualified personnel is creating a crisis, it is possible for many firms to take a different approach to this issue. Instead of hiring expensive and difficult to find cybersecurity experts they should be looking at their existing procedures. Research suggests that there are many procedures and business practices which should be updated to avoid the need for a cybersecurity specialist. It is essential to provide good training to your existing IT staff. This will ensure they are able to stay on top of the latest developments, updates and even software patches, getting these things right can prevent many security issues.
Studies show that many cyber professionals live and work in the same area as each other. This can make it exceptionally difficult to find the right person if you are not based in the right place. The best response to this is to offer a package that cannot be ignored. It is even possible to attract the right person from outside of the country; but you will need to be certain you have complied with all the relevant rules and regulations.
Reasons why very few people are willing to fill the job – Training vs. qualification
It may not be that few people are willing, but more so that less people are qualified or have the experience. The generally agreed approach has always been to go with the most qualified; however there are many companies who are starting to become aware of the potential of those with less qualifications but a great deal of experience. In fact, those with experience; as opposed to qualifications, often have a better overall perspective and awareness of general market conditions. Thus helps them to deal with a wide variety of threats which can happen at any time.
Bottom line is security jobs in IT are tough to fill because candidates are not qualified enough. The good news is, many companies are willing to hire rookies and train them to become specialists. There’s a lot of cyber talent out there; all you have to do is convince candidates that they have a bright future working for you and your company.
Conosco.com (Paul Trevino)