The cybersecurity talent shortage has been top of mind for years as the industry continues to grow and evolve. In a recent webinar hosted by Nuspire, Michelle Bank, Chief Product & Marketing Officer of Nuspire, Karie Gunning, Associate Partner at ClientSolv, Inc. and Carrie Rose, Senior Manager of Information Security Governance, Risk and Compliance at DISH Network, came together to discuss strategies for bridging the gap.
“Why do we need to look for ways to solve the talent gap?” asked Michelle. “The stats speak for themselves.”
Michelle shared that when it comes to the threat landscape, we’ve seen a 68% increase in data breaches over 20201 and that the average cost of a breach in 2021 was a whopping $4.24 million2 – the highest in 17 years. From an industry perspective, there’s been a 350% increase in cybersecurity jobs from 2013 to 20213 and it’s predicted we’ll see a 120% increase in market growth from 2021-20284.
“Gender diversity is important, and in honor of Women in Tech month, we think it’s important to highlight where we stand,” said Michelle. “Currently 24% of women hold cybersecurity jobs globally, but women are 50% of the population, so there’s a clear gap there.”
According to Michelle, the shortage is the result of several factors, including an increase in threats and threat opportunities as we connect more devices to the internet; the need for additional skills as threat actors evolve and become more sophisticated; and, according to Gartner5, “37% of the organizations are not finding the required skills or competencies or experience.”
“Today, we are all about focusing on what we can do to either help people find a job in cybersecurity or help those hiring find additional talent,” Michelle said.
“It’s such an exciting time to be in cybersecurity – I have more openings than I’ve ever had in my 15 years of doing this,” said Karie. “The common thing I keep hearing is that hiring managers are more open to accepting candidates who don’t have a security background.”
Karie said if you’re looking for a job in cybersecurity, come up with target list of companies you want to work with and look within your network for those who may have connections to those companies. Be proactive and get your resume in front of the hiring manager. Also, don’t discount soft skills – they’re becoming a lot more important in this day in age. These include intellectual curiosity, strong problem-solving skills and the ability to think strategically.
For those preparing for a job interview, Karie recommends the STAR method – clearly state the situation, tasks, action and your results. It’s all about being prepared – research the company and research the hiring manager.
“I also encourage references to call the hiring manager directly and put in a good word for the candidate,” Karie said.
Carrie added it’s important to be truthful when you’re applying for a job. She has seen candidates who read a job description, find a LinkedIn profile of someone in that position and copy/paste those qualifications into their application. This is a big no-no.
“In security, you need to have a really strong moral compass, and if you’re lying on your application, that’s a red flag,” Carrie said.
“I am first and foremost a mentor – and I think getting to know who a candidate is as a person is important to gauge how they’ll be in the role,” said Carrie. “Security can be a taxing industry, and I think my success in hiring and retention is about making it clear that health and family come first. Work will always be there.”
Carrie added that she makes it a point to surround herself with people who don’t have the same backgrounds as her because it helps her gain new perspective and learn new things.
“My team is constantly learning,” said Carrie. “If you don’t have a candidate willing to learn or is someone who acts like they know everything, they’re probably not someone you want on your team.”
Karie reiterated the importance of using your network, saying that 80% of jobs aren’t being posted because hiring managers are instead going to their personal networks. She also highlighted the importance of speed in hiring.
“There are so many cybersecurity roles out there, which means it’s a candidate’s market,” said Karie. “My advice is that if you’re interviewing a candidate who you really like, extend the offer quickly and show good follow-through.”
Cybersecurity talent can come from a variety of different industries, depending on the role you’re looking for. Top industries include military, government, insurance, financial services, healthcare and telecommunications.
“I manage governance, risk and compliance, which is a bit of a non-technical role – yes, we have to understand the technical side, but we’re not hands on keyboards performing security functions,” said Carrie. “When I’m hiring for cybersecurity talent, I’m looking in the highly-regulated fields like finance and healthcare, whereas if someone is looking for SOC personnel or threat hunters, they may look for people with military or government backgrounds.”
When it comes to building a strong team, Carrie looks at energy and gender diversity. Out of 11 people, seven on her team are women.
“My team is excited to be doing the work they’re doing, and when they want to explore something new, I encourage it,” said Carrie. “Hiring managers are looking for ‘unicorns’ who can do it all, but those are rare, so allowing your team to try on different roles is a great way to build the experience you’re needing.”
“One of my favorite ways to support diversity in cybersecurity is via mentorship,” said Michelle. “But for it to work, you need to be clear on your goals and what you want to get out of it, whether you’re the mentor or mentee.”
She added the importance of being open to jobs beyond the technical side.
“For example, every company has a finance department, so if you’re looking to get in the door, there’s opportunities on the business side,” said Michelle. “Once you’re in the door, do a good job regardless of whether the job is or isn’t what you want to continue doing. Think of it as a pathway forward and an opportunity to build your reputation and personal brand.”
Additional ways to diversify include offering flexible working conditions, investing in training and certifications and eliminating pay gaps.
If you’re looking for additional cybersecurity career support, here’s a list of resources you can access: