The cybersecurity industry is experiencing a massive skills shortage comparable to the demand in cyber talent. In the US alone, over 464,000 cybersecurity positions were unfilled in June 2021. This is nearly a third of all US cybersecurity roles as the current workforce totals up to approximately 956,000.
The cybersecurity skills gap poses a significant risk to companies in the US and around the world. Without the ability to find qualified personnel to fill key positions, organizations are unable to properly monitor and secure their networks, leaving them vulnerable to cyberattack.
Why Does Such a Large Skills Gap Exist?
The cybersecurity skills gap was created by several different factors. Some of the leading causes of cybersecurity skills shortages include:
- Lack of Applicants: The field of cybersecurity is growing rapidly, and the pool of qualified and interested applicants is not keeping up. Cybersecurity is one of many disciplines in the field of computer science, and more new roles open each year than new cybersecurity professionals emerge to fill them.
- Desire for Experience: Companies want to hire candidates that possess the knowledge and experience necessary to protect them against cyber threats. However, this makes it difficult for new graduates to find jobs that allow them to gain the needed experience.
- Focus on Credentials: Job descriptions for cybersecurity roles commonly require a degree and a collection of related credentials. However, many skilled applicants lack these credentials, and those that have them do not necessarily have the skills needed to do the job.
The fact that the growth of cybersecurity jobs outstrips the expansion of the workforce makes a cyber skills gap inevitable. However, companies’ expectations regarding potential candidates can make it even more difficult to attract needed cybersecurity talent.
Solving the Talent Shortage Through Professional Development
The need for cybersecurity talent is not going to go away. The cyber threat landscape continues to evolve, and companies need to protect their critical IT assets against attack. If traditional talent pipelines, like universities and cyber bootcamps, cannot meet organizations’ needs for cybersecurity talent, then they need to develop that talent themselves or leverage specialized firms such as MorganFranklin Consulting to bring the talent to the table.
Many organizations have employees for whom a switch to cybersecurity is a small change. For example, a network manager has many of the skills needed to monitor and secure networks against attacks, and a developer mainly lacks some basic training in vulnerability management to become a secure coding champion. By identifying employees looking for a transition into cybersecurity and providing targeted training, organizations can attract and retain cybersecurity talent from inside their organization.
Another way to build needed cybersecurity talent is to move away from the focus on experience during the hiring process. Instead of looking for an established cybersecurity professional, identify a promising newcomer and offer on-the-job training and professional development. This enables an organization to source the exact talent that it needs and work to reverse the growth of the cybersecurity skills gap. Co-founder and managing director of the cybersecurity practice at MorganFranklin Consulting, Jonah Dimeo, has seen the evolution of cross-technical training and has leveraged partnerships with product companies to obtain experience with tools that aid professional development. “Fulfilling this demand for cybersecurity talent is going to be challenging for any organization with critical needs,” Dimeo says. “Having a network-based pipeline of talent, offering better base packages, innovative PTO, learning opportunities, and a full or a hybrid remote work environment will help you deliver. The days of ‘spray and pray’ job postings, however, are no longer an option for the growing cyber demand.”
How MorganFranklin Can Help
Filling needed cybersecurity roles through professional development has its challenges and not everyone has a pipeline of cyber talent waiting to join their organization. It takes the average company 2-4 months to address any niche cyber skill sets needed for hire. In the short term, an organization needs to ensure that it has access to the talent that it needs to protect itself against cyber threats. Additionally, new cybersecurity personnel need access to mentors to help them to gain knowledge and advance their careers from true subject matter experts.
MorganFranklin can help an organization to address both challenges. MorganFranklin consultants can augment an organization’s existing security team to close critical skills gaps and provide consulting, advice, and mentorship to help build the maturity of an organization’s security posture and personnel as well as serve as an interim solution to a permanent need. MorganFranklin’s services and solutions are a one stop shop for any project or cyber talent need on a consulting basis, leveraging years of recruiting experience and connected network talent pool to bring the right talent, no matter the ask.