Closing the gaps: how to tackle shortages in cybersecurity skills and talent

In this special edition of our Cyber Intelligence Briefing podcast, S-RM experts Paul Caron, Stephen Ross and Rhiannon Dixon – all leaders within S-RM’s US cybersecurity team – discuss the related issues of the cybersecurity skills gap and shortages in cyber talent. Rarely out of the news, the team provide insights and tips for organizations facing challenges bringing in enough cyber talent to their teams or maintaining their employees' cyber skills.

Why is there a talent challenge?

The spiral of rising demand for cyber talent, pushing up competition and wages for employers is a well-known challenge that many organizations face today. But why is there a talent shortage in cybersecurity, what’s causing the block? Paul sees two factors at play:

1. Ambiguity still surrounds cyber. For many people, when they hear about cyber vacancies it feels very daunting and unless you come from a strong technical background, you might not understand that the cybersecurity profession is very far reaching and wide.
2. Gatekeeping. We still see gatekeeping or badge protection mentality around breaking into the field. For example you might see an entry level position but the employers are asking for at least two to three years’ experience in cyber. For us, that’s contradictory.

In summary – broader education is needed about the cyber profession and its different facets and how to get into them. Additionally, cyber leaders need to be more open to identifying talent, diversifying where they look and who they hire – that’s the only way to stop the spiral.

What about S-RM as an organization – how do we tackle the challenge?

Paul explains that at S-RM to we pride ourselves in taking non-traditional hires and upskilling them through a defined programme of development. We make an active investment through the S-RM Academy where best-in-class talent, with the tenacity and desire to learn cybersecurity skills, are given training across disciplines including incident response, digital forensics, ethical hacking and advisory. This helps new hires to find their niche and ultimately make them successful in the various parts of our global business.

Skills in short supply?

In our Cyber Security Insights Report 2022, 35% of senior IT leaders and C-Suite professionals that we surveyed told us there was a lack of cyber skills within their organization. At S-RM we help businesses of all types and sizes to improve their cybersecurity maturity and that can include building out security awareness training to help close gaps within existing teams. However, Rhiannon provides some tips businesses can do immediately:

1. Encourage your team to participate in the broader cybersecurity community. There are many groups out there that provide useful resources and access to inspiring professionals at the cutting edge of cyber. Alongside individuals broadening their network by accessing these groups, there’s the potential of opening up a pipeline of talent too.
2. Encourage a culture of coaching. Organizations where leadership encourages coaching behaviors often have a more mature and safe cyber posture.
3. Train all users in security foundations. Having the largest cybersecurity department won’t make you the most secure organization. Organizations are only as secure as their weakest link, so by investing in some reoccurring, real-time and ideally gamified security training for all members of the company that's not only going to improve security, it's also going to reduce the workload for the current security team.

Paul Caron, Stephen Ross and Rhiannon Dixon will be attending NetDiligence in Philadelphia this month – please come and say hello at Stand #1 or reach out to the team via email.