Gene Fay is CEO of ThreatX, a leading API protection platform.
getty
Threat actors have taken advantage of widening attack surfaces due to digital transformations and unsecured APIs. The result has been a massive rise in cyberattacks over the past two years. Compounding the stress that these constant threats level on enterprise security teams is the industry-wide talent shortage that places a larger burden on fewer employees. This needs to change — and fast.
(ISC)2 found that the global cybersecurity workforce shortage is at 2.7 million professionals. In addition to security concerns, this talent shortage is also impacting innovation at the enterprise level. According to Gartner, Inc., 75% of IT executives noted that a lack of talent hobbled their efforts to adopt IT automation.
As employers, we need to become more creative to solve the cybersecurity talent shortage. Doing so will benefit not only our individual enterprises but also our nation's overall cyber health.
The cybersecurity industry can be a difficult field to enter and navigate. Between extraordinarily high experience expectations and the constant quest for "unicorn" hires, job seekers may become too discouraged to apply to open roles.
Additionally, it is incredibly expensive to hire "cyber-unicorns," and many organizations that need cybersecurity talent cannot pay the exorbitant salaries required to entice a unicorn onto their team. In order to grow our talent pipeline, the industry needs to shift its mindset and open doors to more people regardless of gender, ethnicity, education level or skill set. We need help, and we can train people who are smart, driven and curious to do these jobs. Organizations and security teams must look to broaden their horizons in order to build a robust security workforce.
I started the eXecutive Security podcast series and have spoken with industry leaders as a way to pull back the curtain in the cyber industry as it relates to talent management to encourage others to learn directly from those with extensive careers in the security field and consider a career in cybersecurity. Through these conversations, I've learned that there are three creative solutions we should take to not only build a lasting and effective talent pipeline but to close the cybersecurity talent gap for good.
Don't rely on "traditional" cyber degrees.
There are roles in cybersecurity that can be played by everyone — regardless of their degree (or lack thereof). Liberal arts (i.e., nontechnical) degrees can provide useful skills such as problem-solving and a big-picture perspective that someone with a more focused degree might lack, for instance. The same goes for two-year degrees. Not everyone has the means to pay for a four-year degree, which has become the de facto barrier to entry for many jobs. Further, with the proliferation of native technology users, there are students leaving high school who might potentially have more real-world experience with coding and technology than your average college student.
The mindset that only those with advanced degrees are worthy of full-time employment in cybersecurity needs to change if we want to innovate. Examining nontraditional cyber degree paths will also create change in our industry through the diversity of thought, which is past due.
Look to our military.
When our veterans leave the service, many of them enter the workforce with skills that can have an extraordinarily positive impact on our cyber industry. Along with intangibles like integrity and selfless service, our service members can come prepared with an understanding of the cat-and-mouse mentality that is vital to high performance in cybersecurity.
There are tens of thousands of veterans who are looking for work right now. I know from experience that nothing is more fulfilling than helping a veteran move from serving our country to landing a high-paying and secure job in cybersecurity. Doing so also enlists them in the fight to continue making our world a safer place while putting their hard-earned skills to use.
Hire for traits.
I recently began thinking about student-athletes who won't make it to the pros. These are diverse, high-caliber students who are also highly competitive — and they're the people we need in cybersecurity. As such, we need to get back into the business of training people to do a job.
Many organizations have unrealistic expectations for even entry-level positions. Many student-athletes, for example, have the coachability and desire to succeed that will help them, regardless of industry. Instead of overlooking a candidate because they might not meet your rigid experience requirements, think of hiring less-experienced candidates with the traits that can lead them to career success. Better yet, have a plan in place to train them as part of their onboarding requirements.
Leave the industry better than you found it.
I feel strongly that we are all responsible for opening doors to people and leaving the industry in a better place than we found it. It is about giving back to others. We need to be on the lookout for people searching for jobs and proactively open our professional network to them. Instead of disregarding that LinkedIn connection request, follow up with that person. It costs nothing, it's good for the industry, and it may help someone find a great job in cybersecurity.
While entering the cybersecurity field may be daunting for some, I have found that great leaders in the industry come from a variety of backgrounds and follow their own unique paths. It is up to us to be on the lookout for the next industry all-star. That person may come from the most unlikely of places.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
