The talent shortage in cybersecurity is a well-known and well-discussed problem. There are more jobs in cybersecurity than there are qualified employees to fill them. This problem is compounded by the fact that many current cybersecurity positions require hands-on experience, leading many organizations to compete for seasoned security professionals rather than spending the time and resources required to train new talent.
To better understand this problem, ProtectWise commissioned Enterprise Strategy Group to survey more than 500 tech-savvy millennials and post-millennials in the United States to find potential answers to the security skills shortage. Not surprisingly, the data show that many young people don’t pursue careers in cybersecurity due to lack of exposure to the field in school or among their peers and family members. Others are deterred by perceptions of required technical skills and certifications. Interestingly, the results also suggest that these young people may be able to help fill current and future openings.
Employers can follow four key steps to recruit, train and mentor the next generation of cybersecurity analysts.
Recruit Entry-Level Candidates
Though not always the most obvious choice, young people who are passionate about security but lack experience can be great employees. These hires are best for entry-level roles where you’re able to hire green talent who you can then upskill over time. Recruiting these types of employees should be a process through which you determine candidates’ affinity for your technology and for learning. When possible, work to develop relationships with candidates before beginning the interview process so you can get a feel for their technical background. Internships can be an excellent way to get to know younger candidates while presenting them with challenges to test their motivation and problem solving.
Once They’re On Board, Have a Plan for Developing Your New Talent
When hiring less-experienced candidates, make sure you can anticipate how much investment will be required to teach them certain skills. For cybersecurity, don’t think that a formal degree in computer science is required; a background in IT, networking or system administration can be just as valuable. It’s also important to know how actively the candidate follows cybersecurity trends and news—are they very passionate about your industry? Do they understand what your company does and its role in the broader market? If the candidate has good answers to these questions, they are more likely to be a great long-term investment.
Build an Environment That Attracts and Keeps Employees Happy
Setting and managing the expectations of a younger workforce can be challenging. Work with your HR staff and managers to find what excites younger employees and develop plans around those areas. Look at your competitors, find out what they offer new employees and work to develop incentives and benefits that differentiate your company. Most cybersecurity professionals at all levels appreciate companies that give them the opportunity to attend training and conferences.
Mentor and Retain Young Employees
It’s inevitable that at some point most employees will desire something different in their career. Whether that is wanting to learn more or branch out into another area of interest, it is important that you respect and foster those desires. Dedicate time for skills development and provide your employees with tools that allow them to effectively use their talents. Also, look for opportunities to showcase their work with others in the company and in the industry to show them you are dedicated to their professional growth. Always work to maintain a collaborative learning environment so your employees feel comfortable working on new things. We all know it’s cheaper to retain an employee than to hire a new one, so once you’ve made the initial investment to bring on a new hire, make the effort to develop training plans to augment knowledge gaps while encouraging learning in the areas that already excite them.
Ultimately, when it comes to filling critical cybersecurity jobs it is very important to consider eager and passionate recruits despite a lack of experience. Make sure to assess candidates’ motivation to learn and develop a plan to guide them on that journey. Create an environment that supports continual growth and learning. Keep your employees around for the long term by providing them with opportunities to work on projects they love and to share their accomplishments with the company and their peers. At the end of this you will find strong members of your team that can, in turn, help develop the next round of talent and build an amazing place to work.