This month marks CISA’s 18th Cybersecurity Awareness Month, a joint effort between the government and public to raise awareness of the importance of cybersecurity. Week three of the month is dedicated to careers in cybersecurity, and we’re discussing industry efforts to address the cybersecurity skills gap as well as our team’s mission to impact change.
As we hear in the news daily, the threat landscape is becoming significantly more complicated. Breaches and reports of ransomware show how critical a robust cybersecurity strategy is, yet the workforce shortage stands at millions worldwide. A recent report pegs the number of unfilled cybersecurity positions at 4.07 million.
In order to close the cybersecurity skills gap, companies must invest in their people in a way that reflects the direness of today’s threat landscape. International InfoSec organization ISSA highlights key areas to improve upon:
- Getting talent through the door and paying them competitively: It takes almost six months to fill a cybersecurity position. Being offered a higher compensation package is the main reason CISOs leave one organization for another.
- Investing in long-term training: An increase in training is the best way to address the cybersecurity skills shortage. Many security professionals seek to achieve 40 hours of training per year but a quarter of those surveyed did not meet those hours due to cost.
- Alignment between business and security: Nearly a third of respondents said that the relationship with HR, board of directors, and line-of-business managers was poor due to a lack of understanding between the cybersecurity side and the business side.
Upcoming research from (ISC)² shares that too many candidates “feel deterred from joining the cybersecurity workforce because they are intimidated, either because they don’t see themselves fitting in or because they mistakenly believe they need to either possess highly advanced coding abilities or acquire them through an expensive education.”
Onapsis Chief People Officer, Catherine Gasse, offers the following advice when it comes to cybersecurity hiring:
- Make job descriptions more accessible: Quite often, skilled job applicants are intimidated by job descriptions because the criteria is too rigid or the language is too technical.
- Rethink the job requirements list: Think more about the role the person will perform versus the background of a candidate. Don't get too granular in terms of years of experience or education as you'll severely limit the candidate pool — often fairly arbitrarily. This is especially true in our young industry.
- Hire for high potential rather than past experience: When you hire for potential, you end up with candidates who stick around longer, grow in leadership roles, and produce better results.
- Find ways to express how your company is different from other security companies: It’s an extremely competitive security talent market and Boston has a record number of cybersecurity companies. What are your company’s differentiators?
- Think about other industries and communities from which to pull talent or mentor professionals to bring into security. Furthermore, there’s a great number of security jobs that need program management experience and presentation skills over coding or communication expertise over auditing skills.
As part of our effort to address the cybersecurity skills gap, Onapsis created an internship program. Rolled out last summer, this program is available to students from low-income communities in Argentina who are interested in pursuing a career in security. These interns have the opportunity to work at our research and development center in Buenos Aires and after months of intense Python training, they are offered roles as trainees. These hires have an enormous impact — not only by bringing new expertise and perspective to Onapsis, but also by introducing young, ambitious individuals to the cybersecurity industry.
There is still much work to be done across the industry. A lack of representation across gender, ethnicity, age, race, socioeconomic background, and region certainly contributes to and perpetuates the cybersecurity gap. Women make up 20 percent of the cybersecurity workforce; while up from 11 percent in 2013, it’s not enough. Blacks and Hispanics still have marginal representation in cybersecurity professional positions, despite representing over 30% of the total population. As ISC2’s upcoming Cybersecurity Workforce Study examines, “The absence of diverse role models that aspiring professionals can identify with and find inspiration from is a major barrier for awareness and consideration of a cybersecurity career.”
Demystifying cybersecurity and actively seeking to make the industry more inclusive will have long-reaching effects, far beyond lessening the cybersecurity gap. The benefits of diverse teams are endless, bringing different perspectives to the table, increased creativity, and learning and growth opportunities for organizations. Onapsis is committed to shifting how we market our security and technical focused roles, training within our organization, and improving upon our diversity every day.
- For resources on how to get started in a career in cybersecurity, check out this blog.
- Further your security career with Onapsis. Browse our open positions today.
- Stay on top of the latest news and reports in business-critical application security.
- Learn more Cybersecurity Awareness Month and how to protect your organization.