The cybersecurity skills gap is well documented. According to (ISC)2 research, the shortage of cybersecurity professionals is nearly three million globally with close to half a million in the U.S. alone. What’s more, 60 percent of those surveyed say their companies are at moderate or extreme risk of cybersecurity attacks due to this shortage.
The pressure on HR departments to fill these critical positions has never been greater. Yet a typical response is to do what they’ve always done: partner with colleges and universities to fill these high-demand jobs, while colleges and universities rush to accommodate a non-traditional field of study within a traditional approach to education. And the skills gap widens.
I’d like propose a whole new approach.
HR is not the Expert in Cybersecurity
Most HR departments (and institutions of higher education) aren’t currently equipped to meet the continuing demand for cybersecurity skills.
So, what can your organization do? Dig deep and evaluate whether your HR department can effectively recruit and retain critical security talent to meet your organization's current and future demands.
4 Signs HR May Require Training on Cybersecurity and Required Skill Sets
Consider how your HR department recruits for cybersecurity talent and whether they are doing your organization a service—or a disservice. Here are 4 signs that your HR Team may require cybersecurity guidance or coaching.
Are Job Descriptions Effectively Written to Favorably Promote the Company, its Culture, Potential for Growth, etc.)? In other words, does it make someone want to work there?
I often post jobs for the Tech Data Security Solutions team and am always delighted with the amazing number and quality of candidates who apply. We typically find qualified candidates within one day and fill published positions within one week. But this is the exception.
While many factors contribute to our success, I consistently hear from interviewees that "I applied because I could tell from the job description that you guys know what you’re doing."
Job descriptions that combine several jobs into one tell candidates that you’re either looking for a unicorn or you’re trying to save money by pinning outsized expectations onto what is likely to become a “short-timer.” Your HR department should advise you when job requirements or salaries are unrealistic or when they see red flags.
Do you have unrealistic expectations?
Recruiting for an "entry level" position that requires previous experience is illogical. Either the job is entry level or it isn't. HR should push back on hiring managers when their expectations are unreasonable. Why pay for professionals who do not serve you well?
Does your inability/unwillingness to pay a competitive salary guarantee your job will remain unfilled or be filled by a bad or short-term candidate?
A competitive market demands competitive salaries. Not paying market price drives up demand which drives up market costs. If you hire and fill your positions, demand will go down along with salaries.
HR must inherently understand the job market and advise hiring managers what cybersecurity professionals are paid, so you can avoid the finger-pointing that costs your organization money.
Are you fishing in a desert?
Though colleges and universities say they want to provide immediately employable talent, they’re truly not equipped to deliver what today’s businesses need. Unlike the static nature of most other fields, cybersecurity is highly dynamic. Threats change continuously and the rules must change with them.
Consider that, since 2013, the demand for cybersecurity professionals with automation and risk management skills has grown by 225 percent and 133 percent, respectively, according to HRDive.com. And it’s projected that, over the next five years, public cloud security and Internet of Things skills will be among the highest demand cybersecurity skills.
Because of this fast-changing technology environment, cybersecurity training constantly needs to be revamped—which requires educational approaches to constantly be re-validated. Unfortunately, most colleges and universities today dwell more in tradition than in innovation. A degree in computer science, even with a cybersecurity specialization, is not what most employers want.
So, even though your HR department may have "good relationships" with colleges and universities, trying to find security experts there may be a sign that they’re relying on tradition to solve a modern problem.
Take a New Approach to Cybersecurity Skills
If your HR team is not sending you the proper candidate set, educate and coach them. Work with your HR Team on the right skill sets required, where to look to find them, writing a more eloquent, appropriately described/defined position description, salary ranges for skill sets required, etc.
If this isn’t within your domain, find the cybersecurity talent you need—or nurture cybersecurity skills in existing talent—using innovative or non-traditional approaches. OEM trainings, certifications, and specializations are one avenue, but they may not have a real-world learning component to them.
A “cyber range” offers real-world experience in detecting, preventing and remediating threats. These environments can mirror your environment. Threats are launched, allowing your team to manage the threat without impacting the production environment.
Tech Data: Your Cybersecurity Skills Partner
With Cybersecurity Ventures predicting that there will be 3.5 million unfilled cybersecurity positions by 2021, Tech Data believes it is our responsibility as a global IT Solutions Distributor to engage in solving this critical problem. The Tech Data Cyber Range is the first ever cyber range hosted by an IT distributor. By leveraging the Cyber Range, our partners will be equipped with the skills necessary to design holistic cybersecurity solutions and services that mitigate the most advanced cyber threats in the industry.
To learn more about how our cyber range can help you strengthen your current cybersecurity team through access to the most advanced cybersecurity technology available on the market, e-mail us at firstname.lastname@example.org.
About the Author
Brett Scott serves as director of security solutions for Tech Data where he is responsible for new supplier research and recruitment. Brett is the co-founder and technical architect of the Arizona Cyber Warfare Range, a non-profit organization leading the country in teaching hands-on cyber security skills in a real-world environment to those motivated to develop real competence in cyber security. A hands-on leader with years of experience leading technical teams, Brett has worked in an array of industries and is an expert on cyber security issues facing companies today.