Featured Better Management And Training Are Key To Solving The Cybersecurity Skills Gap

Published on January 25th, 2023 📆 | 8598 Views ⚑

0

Better Management And Training Are Key To Solving The Cybersecurity Skills Gap


iSpeech.org

Dave Merkel (also known as "Merk") is the cofounder and CEO of Expel, a cybersecurity company based in the Washington, DC area.

If you follow the cybersecurity industry at all, you’ve probably heard quite a bit about the so-called “cybersecurity skills gap” over the past year or two. The fear is that there simply aren’t enough skilled cybersecurity professionals to go around, with a worldwide shortfall of roughly 3.5 million people. This has rendered both cybersecurity providers and in-house security teams unable to fill critical positions, leaving them dangerously vulnerable to costly attacks. It would be a problem—if it was entirely true.

But that’s not the full story. Yes, it’s true that there are only so many cybersecurity analysts with 10 years of experience and a master’s degree in computer science from a brand-name university. Those individuals are, understandably, in high demand—and they have the salary requirements to prove it. But on-paper qualifications are not the only predictors of success in the cybersecurity industry, and today’s organizations can begin to address the cybersecurity skills gap by fundamentally reevaluating the way they approach filling those positions. That starts with leadership helping managers understand how to hire for traits rather than skills, cultivate new skills over time and invest in the growth of their employees.

Close the skills gap through training and retention.

While most conversations around the cybersecurity skills gap focus on the difficulty in attracting new employees, it’s important to consider that this makes it even more critical to retain current talent. Companies already struggling to fill certain positions will certainly want to ensure that they keep the employees they do have happy.

According to Josh Bersin, the cost of replacing an employee can be up to double that employee’s annual salary, and it can take two full years for the new employee to reach the old employee’s level of productivity—and that’s before taking into account the difficulty of filling cybersecurity-related positions amid the current perceived skills gap. Attracting new talent is still critical, but it needs to go hand-in-hand with a strong retention program.

Sometimes retention comes down to simple dollars and cents. But a staggering 94% of employees included in a recent LinkedIn study indicated that there was one key factor that would make them stay at a company longer, and it wasn’t more money. What most employees want, it turns out, is an employer invested in helping them learn. That same study indicated that for younger workers, in particular, a lack of opportunities to learn and grow is the number one reason to leave a job. Recognizing that employees want to learn and grow in their roles is critical for businesses. Implementing the training programs needed to allow those employees to expand their knowledge base and responsibilities can make those employees more productive and keep them at the company longer.

It’s important not to overlook the critical role that good management plays here. It’s often said that people don’t quit their company—they quit their manager. That may not be true 100% of the time, but it does illustrate an important fact: If the person with the most direct influence over the employee is invested in their success, they will be more likely to stay. A good training program alone isn’t enough; if an employee is dealing with a bad manager, they’re likely to take the benefits of that training and walk right out the door as soon as a better opportunity presents itself. Just as you are investing in the skills of your security analysts and other employees, it’s critical to invest in improving the skills of your managers. After all, individual managers can have an outsized impact when it comes to making employees feel valued.

Augment experience with relevant skills.

Whether hiring new talent or promoting from within, it’s important to look beyond overt qualifications like experience and education. This isn’t to imply that experience isn’t valuable—of course, it is—but it’s important to understand how it fits within a broader context. What were their responsibilities? How did they approach their short-term and long-term goals? What were the traits that made them successful in that position, and how would those same traits serve them in a new role? When recruiting external candidates, these are important questions to ask both the candidates themselves and their references. When recruiting from within, these are the things managers should be tasked with identifying and cultivating.

Whether in the applicant pool or within your own organization, good managers should be trained, encouraged and empowered to identify creative problem solvers. Individuals with a basic degree of technical proficiency, a willingness to learn, good communication skills and a creative mindset make excellent security team members. And if they don’t come from a traditional security background, they may even bring a new perspective to the team, looking at problems in interesting ways and providing unique new solutions. Giving them the opportunity to do so can simultaneously help close the skills gap, provide security teams with much-needed new blood and improve employee retention. Frankly, it’s hard to imagine a more “win-win” situation.

Stop talking about the skills gap and do something about it.

The cybersecurity skills gap is easy to complain about. It’s a convenient way to explain away security struggles by lamenting the fact that there just aren’t enough skilled candidates out there. But the truth is, there are plenty of talented security analysts just waiting to be found—and many of them might already be at your company.

People deserve to be recognized for their talents. They want to know they have what it takes to do a complex and interesting job. Identifying potentially valuable skills and training employees to better utilize them demonstrates that employers are committed to the success and professional development of their employees and makes it easier to staff notoriously difficult-to-fill positions. The skills gap is a problem, but it’s not an unsolvable one. Effective training and development programs are a great way to not only fill critical positions but also make it clear to employees that the company is invested in their future.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?


Source link

Tagged with:



Leave a Reply

Your email address will not be published.