Are you a small business owner? Or maybe the CEO of a multinational corporation? Either way, you’re about to run into a serious security conundrum. Cybercrime is on the rise, and the talent to prevent it is in short supply. Cybersecurity Ventures predicted a record 3.5 million unfilled cybersecurity jobs for 2021 — a shortage of particular concern after several highly-publicized cyberattacks on big-name corporate targets. What can you do — right now — to protect your sensitive data from black-hat hackers?
Recruit cybersecurity talent
We all know how challenging it is to find a needle in a haystack. But what if there are no needles? That’s exactly what IT recruiters will tell you about available cybersecurity talent. In a field that requires up-to-date knowledge, attention to detail, and precise action, the current crop of candidates just isn’t that sharp. And those who do have the necessary qualifications — they can name their price.
In 2018, Texas A&M University System launched a unique initiative to address the approaching shortage in the short-term. A&M’s Security Operations Center fends off around a million hacking attempts a month, and they’ve recruited students to work in concert with AI software to fill their cybersecurity skills gap. Other organizations are following a similar path with more long-term answers in mind. Old-fashioned apprenticeship programs are increasingly popular among cybersecurity firms, and IBM’s mobile cybersecurity range capitalizes on the popularity of escape rooms to simulate cybersecurity emergencies in a real-time response environment.
Recruiting talent is tough for every industry right now. Reconsider your job requirements. Are you overlooking potential by setting unnecessary standards? Overly restrictive requirements dissuade candidates from applying and limit your hiring options before you’ve really begun. Keep an eye out for applicants with relevant experience and education, but don’t demand the best unless you’re willing to pay for it.
Unique approaches aside, the reality of IT recruiting usually comes down to this: Top talent demands top dollar. And if you aren’t financially equipped to meet high salary expectations, you’re not likely to get the cybersecurity bang you need for your buck.
Work with what you have
Are your existing IT resources enough to fortify your data security? Retraining current employees to cover cybersecurity needs is a viable option for organizations with the time and money to invest. If you have the resources for this approach, be as inclusive as possible, and extend your search beyond other technical fields. If you have cybersecurity specialists on staff, get them involved in the selection process, and establish formal mentoring relationships between them and your new recruits.
For a comprehensive training program, make good use of your on-site resources and seek out secondary resources to supplement your initiative. One such resource is the National Initiative for Cybersecurity Education (NICE), a division of the U.S. Department of Commerce; “The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development.”
Understand that an internal cybersecurity development program will demand significant investments of both time and money. Companies with limited resources require a more feasible approach.
Find a cybersecurity partner
Cybersecurity consultants serve two primary purposes: assessment of your current cybersecurity risk — including identifying gaps and recommending solutions — and advising on strategy for building an effective cybersecurity team. A good consultant provides a wealth of current industry information and guidance for a workable solution within your organization’s budget.
So, how do you choose a consultant? Start by identifying what you need and matching your needs with the services consultants offer. Review their experience and client roster. Seek out reviews and testimonials from well-known clients or trusted sources in your industry. Evaluate their solutions for feasibility and scalability. Make sure what you can do now can adapt to do more for you in the future. Finally, make sure your company values are a priority for the cybersecurity consultant you choose.
The cybersecurity talent shortage isn’t just about low supply. According to Security Boulevard, “Companies that were previously content with one or two specialists are now building entire teams — usually after suffering data breaches or other forms of cyberattacks.” This afterthought approach to data security is a significant contributing factor in both the rise of cybercriminal activity and the spike in demand for cybersecurity specialists. In this precarious cybersecurity environment, expert help is an invaluable asset.