Key IT roles are difficult to fill these days, especially in the area of cybersecurity. Cengage CTO Jim Chilton shares tips on overcoming major challenges.
Attract and retain cybersecurity talent.
Attracting talent is a major industry challenge – resulting in 700,000 open US cybersecurity jobs today.
One short-sighted step many organizations take is to require a traditional four-year degree in computer science, cybersecurity or a related field for an entry-level role. The Cengage 2022 Employment Report found that while 44 percent of tech workers will start their careers in another field, 57 percent of tech employers are unwilling to interview a candidate without a degree, even if the candidate has the necessary experience.
A successful career in cybersecurity does not require a degree in cybersecurity or technology. Employers should adapt by ditching strict degree requirements and instead evaluating candidates based on their skills and suitability for the job. This includes accepting candidates with a certificate or badge for completing accredited IT courses such as cloud security, zero-trust, coding fundamentals or data science.
During the interview process, IT leaders can gain better overall competency and soft skills by asking questions about how they manage past work, time, and priorities on teams and collaborations, and by measuring their ability to learn and grow.
Employee retention is also very poor, with nearly half of cybersecurity professionals planning to leave the industry this year. As the number of cyber attacks is high, so is the stress level, as cyber security personnel feel they are “always on call”. This goes hand in hand with recruitment – unfilled vacancies mean more work for a few people. To better retain employees (especially in labor shortages)
Since many attacks are easily preventable, organizations should focus on adequately training all their employees. For example, more than a third of all cyber attacks are caused by phishing. To combat this, organizations should provide their employees with regular IT and cyber security awareness training to reduce their chances of being hacked.
[ Related read: IT hiring strategies – and 5 illuminating interview questions to ask candidates in 2023. ]
Sharing best practices on how to identify common hacker tactics like phishing will ultimately reduce preventable cyberattacks, reduce stress for cybersecurity personnel, and essentially make it easier to retain IT and cybersecurity professionals.
Implement training programs
In August, the Department of Labor announced a new cybersecurity internship Sprint program to combat industry talent shortages.
Internships are extremely valuable to both employers and candidates. For employers, internships are a cost-effective way to tap into talent, provide real-world training at the end of the program, and a skilled workforce. Apprenticeship programs reduce the risk of hiring a full-time entry-level employee who may not meet the required standards or decide for themselves that the organization or industry is not a good fit.
For employees, the internship is essentially a crash course that gives them the opportunity to learn while they’re at it. With the average college graduate taking on $30,000 in debt (and many taking on more), a degree is becoming more and more out of reach for many Americans. Internships are a great way for people to gain real-world work experience and practical skills, and provide a trial process to ensure that a career in cybersecurity is right for them. For me, internship programs are the real winners.
During National Training Week this year, we joined a Department of Labor event to celebrate the end of the 120-day Cyber Security Training Sprint. It’s exciting to join other technology leaders and brands focused on solving the critical skills and workforce gap in this high-demand industry.
Training employees for rapid innovation
Industry leaders often point to rapid technological advances as the ability to properly train the workforce.
With approximately 2,200 cyberattacks occurring every day, it’s clear that hackers and the technologies they use are becoming more sophisticated.
It’s unrealistic to expect recent college graduates, internship graduates, or credential holders to possess all the skills needed for a decade in cybersecurity. To keep up with the rapid development of new hacking threats, learning and development must be key components of the employee lifecycle.
Employers must commit to continuously developing their cybersecurity workforce. Management can’t expect overburdened tech teams to study new hacking techniques or enroll in courses to learn the latest security software—the onus is on employers.
To keep up with the rapid development of new hacking threats, learning and development must be key components of the employee lifecycle.
Employers should regularly communicate with their IT teams, asking what additional tools they need and offering sponsored opportunities for training. Consider offering personalized training and certification for in-demand cybersecurity jobs to enable enterprises to develop and train top talent.
Rethink your recruiting practices
The tech industry in general is known for its lack of diversity. Currently, 25 percent and 7 percent of tech workers are women and black.
Representation of women and people of color in big tech is significantly lower than the national average in all sectors. To begin to reverse the disparity, we need to complement diverse talent pools where they exist and revisit hiring practices.
We have already discussed the value of training and the role of skills-based employment, but not from a DEI perspective. Many employers still require degrees for entry-level jobs. But research from Opportunity @ Work found that increasing the four-year degree requirement would screen out 76 percent of African Americans, 81 percent of Americans in rural communities and 83 percent of Latinx workers.
By rethinking degree requirements, considering candidates from non-traditional educational paths, and streamlining internships (especially for entry-level), tech teams can welcome diverse and skilled talent into their organizations.
Employers may also consider partnering with community colleges and HBCUs, which tend to have more students from diverse backgrounds. By partnering with these educational institutions, employers can directly engage with the often-overlooked, high-achieving minority student population (for example, 33 percent of black high school graduates attend community colleges with a 3.5 or higher).
Employers can expand their skill sets by offering these students real-world learning opportunities, such as internships, and ultimately allowing them to take on entry-level technology roles.
Once diverse talent is on board, employers need to make sure they are supported and feel supported. This requires a culture change within IT teams and technology companies by implementing comprehensive DE&I strategies, employee resource groups (ERGs), and equal opportunities for underrepresented demographics to learn, grow, and move into senior roles.
[ Want more expert insights on leadership, strategy, career development, and more? Download the Ebook: 37 award-winning CIOs share essential IT career advice. ]
