Investment Strategies to Address the Cybersecurity Skills Shortage
In an effort to address the growing cybersecurity talent gap, the Cybersecurity and Infrastructure Security Agency (CISA) is making significant strides in its recruitment strategies. Despite a workforce purge, CISA officials confirm that the agency is moving ahead, not finished with its recruitment efforts 1.
One key approach CISA is employing is creating internal cyber career pathways. By developing clear career progression frameworks from entry-level analyst roles to senior positions like architect, and launching cyber apprenticeships, graduate programs, and cross-training opportunities, CISA aims to grow talent internally rather than competing solely on the open market 1.
Recognition and rewards are another crucial factor in attracting and retaining cybersecurity professionals. Cyber security teams often work out of the spotlight, but recognizing their successes—such as incident containment or risk reduction—through awards and public acknowledgment helps employees feel valued and appreciated 1, 5.
Flexible work arrangements are also being offered to address burnout and attract talent from wider geographies. Providing remote or hybrid working options and allowing asynchronous schedules where feasible can make a significant difference 1, 4.
CISA is also focusing on fostering a supportive and inclusive culture. Security professionals stay where they feel supported, see career growth, and belong to a positive work environment. Expanding recruitment to include diverse candidates such as women and military veterans enriches team intelligence and innovation 2, 5.
Investing in training and upskilling is critical not just for skill improvement but also for employee empowerment and retention. Making upskilling part of the organizational culture strengthens teams and reduces turnover 1, 3, 4.
Partnering with educational institutions is another key strategy. Collaborating with universities and coding schools through internships, mentorships, and course design partnerships can build a long-term pipeline of qualified cybersecurity talent 4.
Smart companies are also focusing on leadership qualities like business acumen, digital dexterity, agility, and interpersonal skills in their cybersecurity professionals 6. Jen Easterly, CISA director, emphasized building a culture that attracts and retains elite talent in an August blog post 7.
CISA's recruitment efforts seem to be bearing fruit. Since its 2021 recruitment shift, the agency has hired more than 1,300 new people 1. However, 70% of security leaders say their organization does not have enough cybersecurity employees 8. Palmore is optimistic that up to two-thirds of the gap can be eliminated 9. With 3.4 million more workers needed to completely fill the talent gap in the cybersecurity workforce 9, it's clear that there's still much work to be done.
Changes in the recruitment process can bring in workers who might otherwise feel they don't belong in the field. Offering jobs in traditional tech hubs with high costs of living may exclude potential candidates. CISA encourages anyone interested, including those without college degrees, to apply 1.
References:
- CISA Announces New Initiatives to Strengthen Cybersecurity Workforce
- Building a Culture that Attracts and Retains Elite Talent
- Cybersecurity Workforce Study 2021
- Cybersecurity Workforce Study 2020
- CISA Blog: Cybersecurity Workforce Study 2020
- Palo Alto Networks to Acquire CyberArk for $25 Billion
- Building a Culture that Attracts and Retains Elite Talent
- Cybersecurity Workforce Study 2021
- CISA Announces New Initiatives to Strengthen Cybersecurity Workforce
- To attract and retain talent in the field of cybersecurity, CISA is not only focusing on hiring from diverse backgrounds, including women and military veterans, but also investing in internal career pathways, such as apprenticeships, graduate programs, and cross-training opportunities, thereby fostering a supportive and inclusive culture.
- As part of its recruitment strategy, CISA is emphasizing the importance of investing in training and upskilling, not just for skill improvement but also for employee empowerment and retention, with the aim of reducing the growing cybersecurity talent gap by up to two-thirds.
