You only have to look at recent headlines to confirm that cybersecurity is a critical concern that\u00a0touches every industry and every individual, and threats are only continuing to increase.Yet in a\u00a0recent study conducted by ISACA and RSA, 52 percent of global cybersecurity and IT managers and\u00a0practitioners said \u201cthat less than a quarter of applicants for cybersecurity positions have the necessary\u00a0skills for the open position. As a result, 53 percent said it can take three to six months just to find a\u00a0qualified candidate.\u201d Then it takes another three to get them on board. This is a pressing issue within\u00a0this field of work that needs to be addressed. So how did this shortage or \u201ctalent gap\u201d happen in the\u00a0first place?When the information security industry first began to be a focus area, three decades ago (when I\u00a0entered the IT\/Security world!), enterprises did not anticipate the incredible advancements in\u00a0technology, the rapid increase in advanced cyber attacks and the constant need to protect sensitive\u00a0data. The major advancements of technology alone \u00ad from mobile applications to cloud to the internet\u00a0of things \u00ad has shined a spotlight on both the security vulnerabilities these technologies present, and\u00a0the lack of cybersecurity professionals who know how to fix them.[ ALSO ON CSO: CSO burnout biggest factor in infosec talent shortage ]But instead of making a concerted effort to attract and retain cyber talent, many organizations took\u00a0an alternative route of outsourcing their security teams. As breaches continue to increase in both\u00a0frequency and sophistication, enterprises have had to make a switch to hiring an internal team of\u00a0dedicated info security professionals, which are tough to find and hard to keep. This shift in approach\u00a0towards internal enterprise security created an immediate need to seek out and train qualified\u00a0security professionals. Over the years, this need for qualified and skilled security professionals has\u00a0grown faster than the workforce available to fill the jobs, leading to this major gap.Despite the growing breadth\/depth of security threats in the everyday organization, it is typical to find\u00a0an unstructured security team that is not providing professional growth or continued education\u00a0opportunities. Furthermore, the few professionals who are qualified are spread too thin and tend to\u00a0burn out quickly. This has also had a profound impact on the security industry, which is now seeing 1\u00a0million unfilled cybersecurity jobs in 2016 alone, and that number is expected to increase to 6 million\u00a0global job openings by 2019.While the task of closing this gap seems daunting, it is important for enterprises to shift their focus to\u00a0their internal teams to cultivate the talent that already exists within their organizations, even if it\u2019s\u00a0minimal to start. They need to provide an environment that encourages career growth and constant\u00a0training to ensure security professionals are armed with the knowledge and skills to defend their\u00a0organizations. If this becomes the practiced behavior, it is my belief that the skills gap will start to\u00a0close.To do this you must understand what skills you already have and then determine what you need\u00a0within your security team when hiring. There is a range of talent that is required to keep an enterprise\u00a0secure so you must know your must haves when doing so. In addition, it\u2019s important to understand\u00a0the soft-skills needed which include creative problem-solving, the ability to foster collaboration and a\u00a0drive to challenge conventional thinking to stay ahead of hackers. It is no longer easy to find that\u00a0100-percent candidate or even the 80\/20 rule doesn\u2019t work any more! You have to accept, at times, you\u00a0may have to hire the must have(s) and train the rest \u2013 maybe a 50\/50 rule?Only once you get a good understanding of what you need, you need to make sure you are finding the\u00a0right people and making a concerted effort to retain the talent within your organization. Though this\u00a0is a long-\u00adterm process, which requires continued effort, below are some quick tips to point you in the\u00a0right direction:1. Working with elementary\/high school\/colleges\/universitiesCultivating talent early on is the most effective strategy to address the growing talent\u00a0shortage. Work with schools\/students to provide insight into the cybersecurity industry by\u00a0supporting training and education initiatives that will arm young professionals with the\u00a0skillsets necessary for success. This includes adding internships to your hiring practices!2. Fostering an environment of continuous cyber educationSince threats are constantly evolving and technology is advancing more rapidly than ever,\u00a0continued education is necessary to keep skills sharp. It\u2019s essential that organizations provide\u00a0in-\u00adhouse and ongoing security trainings and certification courses that will give security\u00a0professionals a leg up on hackers for everyone enterprise wide.3. Offering security teams meaningful employmentRetain the talent within your organization by ensuring that employees feel their employment\u00a0is meaningful. By offering opportunities for professional guidance and mentorship, you\u2019ll\u00a0create a supportive environment, leading to higher employee satisfaction and reduced\u00a0turnover rates. Give them the opportunity to learn and empower them to be the best that\u00a0they can be.If we want to address the cyber talent shortage, we need to tackle the issue head on. By making a\u00a0concerted effort to cultivate talent, encourage continued education and create a supportive\u00a0workplace environment, we can strengthen the security industry and help build the workforce to\u00a0thwart cyber attackers.I love what I do, do you?