Cybersecurity Talent Shortage Requires New Approaches
Cybersecurity protects against theft or damage to software, information, hardware and almost everything else online. Whenever we make a purchase on the web, we look for that little gold lock of reassurance that we are safe in entering our information. But who is responsible for creating that safety? The people behind the screen, that’s who.
It’s obvious that cybersecurity is incredibly vital to operating businesses and making the customers and users more comfortable with releasing their personal information on the internet, but there has actually been a shortage of people filling the jobs in cybersecurity lately.
The General Manager of IBM Security, Marc Van Zadelhoff, explains how IBM is trying to create new opportunities for people who are knowledgeable in cybersecurity, but maybe don’t have that specific degree to prove it. He refers to them as “new collar” employees.
Here are some excerpts from Zadelhoff’s article “Cybersecurity Has a Serious Talent Shortage. Here’s How to Fix It”, from the Harvard Business Review that really focus in on how to hire new collar opportunities in cybersecurity:
One way IBM is addressing the talent shortage is by creating “new collar” jobs, particularly in cybersecurity. These roles prioritize skills, knowledge, and willingness to learn over degrees and the career fields that gave people their initial work experience. Some characteristics of a successful cybersecurity professional simply can’t be taught in a classroom: unbridled curiosity, passion for problem solving, strong ethics, and an understanding of risks. People with these traits can quickly pick up the technical skills through on-the-job training, industry certifications, community college courses, and modern vocational and skills education programs.
We began using this approach about two years ago, and its success has been clear: 20% of our U.S. hiring in cybersecurity since 2015 has consisted of “new collar” professionals. Other organizations can use a similar approach by establishing apprenticeship opportunities, emphasizing certification programs, exploring new education models, supporting programs at community colleges or polytechnic schools, and looking for talent in new places. Some of our recent additions to the security team came from unexpected career fields such as retail, education, entertainment, and law. The two things they all had in common? They were curious about security and motivated to learn the skills.
Building a pool of talent to fill these “new collar” jobs is also an important part of the equation. A great example of this is the P-TECH educational model (Pathways in Technology Early College High School), which provides a training avenue for students to jumpstart their careers in cybersecurity. Public high school and college students in grades 9-14 get hands-on experience with the most sought-after technical skills. By combining specific elements of high school curricula, community college courses, hands-on skills training, and professional mentoring, these students are primed for successful entry into highly technical career fields. The P-TECH model has expanded to over 50 U.S. schools and 300 industry partners, with the goal of expanding to 80+ schools in 2017.
Of course, cutting-edge technology is going to be at the center of these “new collar” jobs. Artificial intelligence, for example, is being used in the workplace in a wide range of ways, and in cybersecurity it is already creating opportunities for “new collar” positions. AI not only provides a way to help overcome the skills shortage, but is also an important step forward in the way employees will work and companies will defend themselves. We’ve found that by using AI to gather and correlate the insights from the 60,000 security-related blog posts each month, security professionals can digest the relevant information much more efficiently, allowing organizations to up-skill their employee base. Companies are already using Watson for Cyber Security to connect obscure data points humans can’t possibly identify on their own, enabling employees to find security threats 60x faster than manual investigations.
Companies that are interested in using a “new collar” approach to fill security positions should consider the following:
- Re-examine your workforce strategy: Do you know what skills you need today and tomorrow to run a successful security program? Realize that skills and experience can come from a variety of places, and adjust your hiring efforts accordingly.
- Improve your engagement and outreach: Don’t limit yourself to the same old career fairs and recruiting programs of yesteryear. Get involved in community colleges, P-TECH schools, and other educational programs to start building your recruiting base.
- Build a local cybersecurity ecosystem: Connect with government organizations, educational institutions, and other groups. Sponsor Capture the Flag security events, and work with local middle and high schools to generate interest in the field. These groups are always looking for willing experts and mentors.
- Have a robust support program for new hires: Mentorships, rotational assignments, shadowing, and other opportunities help new cybersecurity hires gain experience and learn. Remember, not everyone knows what they want to do right away. Keep new hires engaged by giving them the creative freedom to work on different projects and explore new technologies and services.
- Focus on continuous learning and up-skilling: To retain your new talent, keep employees current on the latest skill sets through classes, certifications, and conferences. Cybersecurity is a highly dynamic field, requiring ongoing education and exploration. And be open to employees from other areas of your business who express interest in cybersecurity career paths. Remember that AI provides employees with more intelligence and contextual recommendations at a speed and scale previously unimagined, so up-skilling your workforce is a completely different ballgame these days.
Cybersecurity Talent will Continue to Challenge
The world of cybersecurity is larger than meets the eye, and the demand is as high as ever. Using Zadelhoff’s “new collar” approach, companies and businesses can get the right talent on their side. It may take more than the traditional way of recruiting, but in the end, these new approaches can help address the talent shortage in cybersecurity.