4 places to find cybersecurity talent in your own organization

Organizations are missing opportunities to cultivate inside talent who may lack experience but already know the business and have the fundamental skills to succeed in cybersecurity.

man standing out crowd individual

Simeon Holloway wanted to parlay his 13 years of IT experience into a cybersecurity position. He thought that it would be a relatively easy transition considering the global shortage of cybersecurity professionals and his eagerness to learn.

The information security department at the federal agency where he worked in Atlanta was an obvious place to start. Perhaps he could shadow a security professional there or fill an empty position and learn on the job, he thought. But the reception he received was cooler than he had expected.

“I consulted and got advice from them. I applied for some positions there, but it just didn’t pan out,” says Holloway, who applied for jobs as an IT specialist in infosec and as a cybersecurity engineer. “I think my lack of experience and a CISSP certification” had something to do with being turned down, he says. “They wanted experience with reporting and conducting risk assessments.”

His experience thus far had focused on network and desktop support, and systems administration. Holloway went on to get certifications and training on his own, studying nights and weekends, and later he left the agency and is now an information assurance analyst for the Georgia Lottery.

For Holloway’s former employer – perhaps an opportunity lost.

Companies are scrambling to fill cybersecurity positions. Some 41 percent of CIOs surveyed by recruiting firm Robert Half Technology say that cybersecurity skills are in the greatest demand in their organizations. The non-profit organization (ISC)2, which provides information security education and certifications, predicts a worldwide shortfall of 1.8 million cybersecurity workers by 2022, 20 percent more than was predicted in 2015.

To continue reading this article register now

Microsoft's very bad year for security: A timeline