The Security Skills Gap: 4 Ways to Attract and Retain the Best Cyber Security Talent

According to a series of recent reports, there are approximately one million job openings for cybersecurity professionals today. Even more telling, is that figure is expected to grow to 1.5 million unfilled positions by 2019 and accelerate to more than three million by 2021.¹ Robert Herjavec, of Shark Tank TV fame and the CEO of the cybersecurity firm The Herjavec Group stated, “Unfortunately the pipeline of security talent isn’t where it needs to be to help curb the cybercrime epidemic.”²

Today’s companies are faced with attracting qualified candidates, navigating rising salaries, and implementing retention strategies to remain competitive. Some of the driving forces for the shortage of skilled workers include:

• A lack of experience in the varied disciplines to combat cyber crime
• Too few seasoned cybersecurity professionals available in the market
• The acceleration of complex cyber attack techniques

For example, a median candidate for an information security analyst position can expect an annual salary of $92,600 with top earners hitting $147,260, according to the Bureau of Labor Statistics.² The Bureau forecasts that salary will continue to rise to 18 percent by 2024.³

Earlier this month, New York City announced their "New York Works" initiative to pump $30 million into cybersecurity training, academic research, and development labs.⁴ They’ll also use the funds to incubate cybersecurity firms willing to relocate to the city.

The plan calls for investments in universities to increase graduates possessing computer science and cybersecurity degrees, partnerships with existing tech firms to increase job opportunities, and financial and tax incentives within areas of the city. As the Mayor of New York stated, “We act now, we believe [these jobs] will be developed here and it will become a very big sector. ‘He who hesitates is lost,’ they say. We're not hesitating."

The approaches to tackling the shortage differ, but it’s clear more efforts are needed.

1. Seek fresh talent.

Implementing programs to foster entry-level applicants who have their cybersecurity degrees with additional training programs to supplement their business and technical skills. Similar to the Blacksmith Apprentice, gaining experience and knowledge that increases in value over a period of time. The investment upfront is designed to yield experienced professionals over a longer term with the hopes of retaining talent through retention programs and company culture.

2. Consider the MSP model.

Outsourcing to a managed security solutions provider to handle the monitoring, remediation, and consultative elements. Managed Security Solution Providers (MSSPs) are uniquely positioned to leverage economies of scale over a base of end customers. The investments needed to run a Security Operations Center, obtain the various industry compliance certifications, and staff with qualified individuals makes it attractive to many firms seeking relief.

3. Remain open to organizational growth.

Using mergers and acquisitions is another strategy to acquire the much-needed cybersecurity talent. While this can be an expensive strategy, the demand for specialized talent is likely to yield companies looking to employ a buy-rather-than-build strategy. The stakes associated with breached customer records, compromised intellectual property, financial liability, and government regulations and fines will have an impact on boardroom decisions.

4. Keep alternative talent in mind.

Mark Twain famously said, “I have never let my schooling interfere with my education.” Searching non-traditional sources for talent, such as security conferences like RSA, Black Hat, and Def Con is a more accepted approach. A white hat hacker, also known as an ethical hacker, is a term used to describe someone who uses their knowledge, skills, and experience to help a company identify vulnerabilities, develop counter-measures, and improve their incident response. White hats gain their expertise from real-world experience probing networks and applications, familiarity with hacking exploits and tools, and understanding of the different methods employed.

Until the barriers are too high or the rewards are too small, the economics are on the side of the cyber criminals. Training, fostering, and developing the next generation of cybersecurity professionals can’t come soon enough!

Have security questions? Please feel free to reach out to our Tech Data Security and Information Management specialist today at securityservices@techdata.com or 800-237-8931, ext. 73246.

About the Author
Tim Ayer is currently a Product Marketing Manager with the Security and Data Protection division at Tech Data. As a 20+ year veteran in the IT channel, he has worked closely with some of today’s leading software publishers and hardware manufacturers to connect with VARs, MSPs, and system integrators. 

References:

¹ Security Intelligence

² CSO Online

³ Bureau of Labor Statistics

⁴ SC Media