How can we solve the cyber talent shortage? asks Mandeep Thandi, pictured, Director of Cyber & Digital at the consultancy Gemserv.
The “Great Resignation” doesn’t seem to be letting up. The mass exodus of workers, that became widespread news over 2021, has continued into this year and at no less than historic rates. The pandemic, of course, was the driver of this trend, creating a period of economic turmoil that, in turn, provoked a distinct psychological shift within the workforce. The coin had flipped – where once industries had enjoyed a healthy flow of talent in the market, employers now find it more difficult to attract and retain such talent. Suddenly people were prepared to quit, prioritising their work-life balance over the stability of their current role.
There are clearly a variety of factors at play behind this collective shift in attitudes towards work. A series of lockdowns over the past two years gave people time to reflect on their employment situations, and working from home alleviated workers geographical limitations. Furthermore, the blurring of the work-life balance had contributed to a long-hours culture.
On a more positive note, as countries began to fully open up their economies, businesses started looking to expand again, increasing options within the job market. The Great Resignation has afforded talented employees greater freedom within the labour market, as employers scramble to meet their inflated demands. This has enabled employers to look further afield for talent and has contributed to improvements in diversity of the workforce. Better work-life balance and hybrid or homeworking arrangements have enabled a wider pool of employees to seek jobs that otherwise would have limited their freedom with a required office presence.
The impact on the cyber security industry
The high turnover rate caused by the Great Resignation has already caused significant stress for businesses, triggering issues all the way up the supply chain. In high-skill, fast-paced industries such as cyber security, demand for talent has always been a challenge, therefore such a momentous shift in the labour market could have serious consequences for organisations’ cyber security posture.
An extensive research paper, conducted by the Information Systems Security Association and IT analyst firm Enterprise Strategy Group, concluded that the “cyber security skills shortage would continue with no end in sight”. An astonishing 95 per cent of respondents said that the crisis and its effects had not improved in the last few years, whilst 44pc thought it had worsened.
The main impacts of the skills shortage include a heightened workload for existing cyber security teams, a high churn rate of IT staff and vital positions being left unfilled. Researchers noted that the deteriorating crisis risked “forcing overwhelmed cyber security professionals into constant firefighting”, and that retaining top talent should be high up on the agenda for organisations. This shortage of talent within cyber security teams could potentially result in falling security standards for businesses.
Whilst modern network infrastructure can deter malicious activity through automation, human expertise is still crucial for the upkeep of an organisation’s cyber security programme. Repairing vulnerabilities, maintaining back-ups, and creating policies and employee training plans are all examples of activities that rely on cyber talent. Whilst a team can operate understaffed for a time, extended periods without adequate resourcing leaves organisations far more vulnerable to cyberattack.
What steps can businesses take to mitigate the talent shortage?
In the short term, firms can look externally to alleviate their staff deficit. Cyber security consultancies offer a valuable source of expertise and manpower, which can be helpful in raising internal capability back to acceptable levels. Of course, any new members working with a company’s security systems should be thoroughly evaluated before allowing them access to sensitive data.
An important issue relating to uncovering and developing talent is the need to increase the diversity of cyber security teams. Having more diversity within a team allows for greater variance in perspectives, something that can be incredibly valuable in creating the most effective security solutions, and building a team representative of the wider organisation and client base. With the current take of flexible and hybrid working practices, this creates a great opportunity for businesses to hire employees from further afield and attract employees from wider backgrounds who otherwise may not have been considered under regular travel to the office.
Another rewarding method of finding and retaining skilled cyber talent is through widening of the recruitment net, along with internal training efforts. Where once they could just rely on recruiting graduates, or attracting talent from the available pool, firms must now broaden their search for suitable personnel. This will lift the lid on a new pool of potential IT talent – candidates should not have to possess the qualifications or experience to the same level as graduates, but instead recruiters should be looking for people that possess the right “soft” skills and ambition, with the potential to grow into top cyber talent.
Home-grown talent can only be achieved if employees are given ample access to training programmes and the encouragement to develop personally, therefore businesses must invest strongly in educational and developmental resources to allow their staff the opportunity to grow. By looking towards new avenues to procure personnel, and then building talent from the ground up, businesses can help to reduce the stress of the Great Resignation felt by the wider cyber security industry – attracting and retaining talented personnel to grow with their organisations.
