2019 cybersecurity workforce: Recruiting vs. re-skilling
The cybersecurity talent gap is not just an IT industry crisis. It’s one with global ramifications. As the inevitable march towards digitalizing the world continues, it brings with it a steady stream of new opportunities for bad actors to take advantage of systems and exploit vulnerabilities both new and old.
Cybercrime is becoming increasingly lucrative as the barrier to entry is lowered daily, with sophisticated and easy-to-use tools available for purchase on the dark web. The number of cybercriminals continues to rise while the gap of skilled cybersecurity professionals widens.
Why is that?
It’s easy to point to how hard it is to train a cybersecurity expert. That is slowly being addressed by the uptick in higher education institutions starting to offer infosec programs and cybersecurity degrees.
But the results of new educational programs are a long way off. And we really can’t afford to just sit around and wait. Security is a real business problem today, and simply recruiting new candidates is not a viable option to address the shortage for the foreseeable future. Not only that but because of the high demand and short supply, many companies hire talent at a large cost only to see them get poached by competitors 6 months later who are throwing even higher sums of money at the problem.
What if we’ve been looking at the wrong sets of skills? And overlooking the right set of candidates right in front of us?
Cybersecurity tends to look for traditional tech credentials. But cybersecurity is much more than a strictly technical role. Threats are constantly evolving, new technologies lead to new vulnerabilities, and technical proficiencies can become quickly outdated. At its core, investigating cybercrime relies on curiosity and problem-solving.
How many people in an organization fit that profile as opposed to having a four-year degree in computer science? Instead of looking for new recruits, why not look internally into the talent that is already there and give them the tools and foster their skills to take on a role in cybersecurity?
This would have not been possible a few years ago, but today, advances in fields like artificial intelligence and natural language processing are removing many of the technical hurdles that stand in the way of someone with raw curiosity and an investigative mindset to pursue a career in security. Machines will always outperform humans in certain tasks, but they are a long way from replacing human intuition and creative problem-solving.
Technology can augment human intelligence by making the data people need accessible and easy to understand. Imagine the possibilities if needing to understand how to write complex data queries was replaced by being able to ask questions of data in the same way you would speak with your friend. When people can ask intelligent questions of their data, technology can bridge the gap between the lack of technical skills to create and fill security positions that will otherwise remain elusive for years.
Opening up cybersecurity opportunities to non-traditional applicants not only widens the pool of candidates but also diversifies the workforce. This brings in new perspectives, experiences and lines of thinking which are important as cybercriminals have equally diverse backgrounds, and understanding your opponent is key to defeating them.
There are people making transitions to a new career in cybersecurity today, from gamers to retired police officers. This is possible through technology that gives people with an investigative mindset the ability to put that into practice without needing the tech expertise – which are two completely different skill sets. Being a technologist doesn’t make you a great detective, and that shouldn’t be surprising as they are both different capabilities.
A talent gap is not the real problem. There are many people within an organization that have the right talents. The real problem is a resource gap from the lack of tools and re-skilling opportunities for those who show the desire, drive, and potential to transition to cybersecurity roles.
Advances in technology are changing the playing field of who can enter the cybersecurity profession. It is a piece of the larger puzzle, but one that can have the fastest impact on filling the seats that need immediate attention. More importantly, it will challenge the status quo of the types of talent that ought to be considered for these roles to combat the skills shortage problem.