Addressing the Global Cyber Security Skills Shortage A Roadmap to Tackling the Supply & Demand Challenges of Today

Joel Earnshaw, Manager, Security & Risk, Perenti

Joel Earnshaw, Manager, Security & Risk, Perenti

The significance of finding and nurturing cyber talent in today’s highly volatile market cannot be understated. The cyber security skills shortage is a well-documented challenge affecting organisations across industries, with an estimated 3.5 million unfilled cyber security jobs globally. As such, we find ourselves at a precipice; as the cyber security jobs market continues to grow, so too does the gap between the number of qualified security professionals and open jobs. So what strategies can we look to implement to combat this growing shortfall?

Before we look ahead, we must firstly understand how we arrived here. We operate within a very intricate and ever evolving threat landscape, fuelled in many respects by the continued reverberations of the pandemic. Organisations were forced to adapt to enable new ways of working, and sustain their operations. We have seen the proliferation of cloud services and emergent technologies, along with greater access mobility and remote tele-working. All of which when coupled with the scale and complexity of our global networks, and our increasing reliance on third parties has significantly expanded the width and breadth of our traditional security boundaries. As our landscape has changed, so too has our attack surface.

With demand for cyber talent continuing to grow to address rising levels of risk and exposure, organisations are now competing with each other more than ever before to acquire the scarce talent available. That scarcity and competition is driving cyber security salaries higher; meaning that many organisations have now been priced out of affording those same resources, or can only afford a fraction of the resources they require to fulfil their growing needs. This in turn places additional pressure on our incumbent resources, pushing them beyond breaking point, leading to industry churn and burnout. The result is that there’s never been a more challenging time for employers to attract and retain cyber security talent.

We are at the height of the information age, cyber security is as prominent as ever, thanks to the recurring high-profile cyberattacks we see publicised with such regularity, ripping across the global stage. We all know that great benefits and culture are critical to luring and retaining top cyber talent. And the relationship between the quality of talent and performance outcomes is quite dramatic. So how do we find the ‘right talent’ to begin with? Particularly when the recruitment challenges for certified cyber professionals reflect such a widespread supply and demand problem.

In this arduous environment, we as leaders must be extremely mindful of burnout, and address it head-on. Quite simply, organisations have a duty of care that combines social and ethical responsibility to ensure the continued health and wellbeing of the employees in our charge. Outcomes-based flexible working arrangements must be the new norm. We should all provide greater support to our employees through health and wellbeing programs, whilst adopting strategies that enable a strong work-life balance. Encourage creativity, invest in automation and augment internal capability through meaningful external partnerships.

We also need to reset our expectations. By that I mean challenging the status-quo of what it constitutes to be a security professional. We as security leaders must now more than ever be pragmatic when defining role requirements, and look to individuals with cross-translatable or transferrable skills and experience. There is opportunity to tap into underrepresented communities and groups, to address the lack of diversity and gender equality that’s rife throughout our profession. The more diverse our teams, the greater the variety of different viewpoints, the more comprehensive and complete our perspective. And as leaders, we are reliant on different inputs from our teams to help provide the context necessary for us to make informed decisions. So the greater context our teams have, the more empowered they can be in the successful execution of their duties. The benefits of which don’t just stop there; this all leads to higher employee engagement and retention, increased creativity, higher innovation, more efficient and holistic problem solving and improved decision making.

But it takes great leadership to build great teams. No matter how impressive your company, the culture, or the role itself, people follow people. They will buy into a leader who inspires them, and invest in a shared purposeful vision. Having quality leaders, with exceptional leadership skills is absolutely paramount to retaining good talent. Organisations today only have a short window to identify, foster, and retain a pipeline of emerging security leaders. Doing so ensures the long-term sustainability and effectiveness of our security programs. We must implement actionable succession planning, and invest in leadership training programs today for the emerging leaders of tomorrow.

Quite Simply, Organisations Have a Duty of Care That Combines Social and Ethical Responsibility to Ensure the Continued Health and Wellbeing of the Employees in our Charge

Just as important as our leaders, are our peers and colleagues. Organisations must make strategic hires of people who won’t negatively impact other employee’s experience. There is a need to identify whether the individual is the right fit, not only by way of complementary skills and aptitudes, but also attitude, personality, and work ethic. This can be difficult to gauge, but accentuates the importance of pre-employment due-diligence in our hiring processes.

It is beholden on us as leaders to foster a team culture of respect, shared-purpose, and camaraderie. We need to establish and nurture meaningful business relationships, where our employees are trusted, valued, and truly empowered in the execution of their roles and responsibilities. Think of the humble gardener paradigm; we as leaders are the gardeners, and it is our responsibility to ensure we’re providing the right environment for our staff to thrive and flourish. A bit of pruning may be necessary at times, but tending to the needs of those in our care, will ultimately help cultivate a robust and resilient garden that yields bountiful returns. We must provide a safe and healthy team environment for our staff, one that serves as a platform for success, professional development and future growth opportunities.

Finally, we must invest in sustainable and accessible education pathways, where we identify and nurture cyber talent early. Building a strong pipeline of young and emerging talent to future proof capability, whilst driving forward continued cyber innovation not only now, but for years to come.