In my last post I discussed why we are facing a Cybersecurity Hiring Crisis. Today, as promised, I’m going to explore what we can do to address the IT Security skills shortage. Specifically, I’m going to suggest how companies can retain IT Security talent and what we can do to increase that talent nationally and globally.
A picture is worth a thousand words though, so I've made this handy infographic to summarize some of the key points.
As before, I asked Becky Pinkard, Director of Security Operations at Pearson Global, for her opinion on these matters. According to Becky, predictions have been pouring in over the last decade forecasting the growing IT security skills shortage. With increasingly specialised technologies focused on delivering complex solutions across globally diverse infrastructures, the strain has never been greater on the talent pool for qualified IT and information security professionals.
These predictions have become an alarming reality. According to a 2012 report by IBM, 63% of companies struggle with an understaffed IT team and 51% are unable to find people with the right skills, and it’s likely that these percentages are even worse today.
This, naturally, has forced companies to offer higher and higher salaries to IT Security professionals in a desperate attempt to retain their talent. The rapid inflation in salary expectations is great news for candidates, but a significant problem for companies who don’t have a bottomless budget.
Aside from offering competitive salaries, what strategies can companies use to retain talented IT Security specialists and attract potential hires?
According to Becky, there are 5 strategies that should help:
1. Prioritise their annual training budgets for security product-specific courses and certifications
2. Provide clearly defined career paths for security "techies" versus security "managers"
3. Provide modern hardware and tools to work in a cutting edge environment (i.e. laptops, tablets, mobile phones, video conferencing, group and individual messaging, social media access)
4. Provide flexible working arrangements, with options for home-based workers and flexi-hours for office staff
5. Pursue creative ways of encouraging and supporting staff who want to pursue advanced degrees
These are the tactics I would recommend to any organisation looking to retain talent in any specialist area. Over the last five years I have found that more and more professionals are interested in the benefits and perks beyond the pay package. Training or professional development, structured career progression, modern resources and tools and flexible working hours are increasingly prioritised and employed by companies with more limited budgets to win over top talent. And of course, a happy work culture is also a key factor!
What can we do to increase the number of IT Security professionals?
Obviously, retaining talent is only half the battle. We also need to ensure that we are developing a strong pipeline of talent to come through the ranks, particularly from the younger generations.
This means that we have to change the global mind-set towards security training and education. At the moment, information security is primarily a specialist field and must be selected as a path for training and/or qualification.
To meet the increasing demand for IT Security professionals, we must drive security education down into the very heart of our primary and secondary school curriculums. Children are surrounded by technology and interfacing with it on a daily basis, but privacy and security education are left to their parents, who are often struggling themselves to understand the complexities against the myriad of operating systems, browsers, networks and devices. Whilst teaching children the basics of coding, why not teach them about the basic principles of IT Security?
We are riding a huge swell of non-understanding and confusion about security on a global scale - at what point will this urgent need for awareness crest and what will the aftermath look like?