Finding the cybersecurity leaders of tomorrow means being realistic about job descriptions and providing training and mentoring for non-traditional tech people. Credit: Thinkstock Attrition is up, and cyber attacks are on the rise. With continued burnout and a growing skills gap in an industry where mentorship is a lost art, how can enterprises prepare for resiliency?Feeding the pipeline to fill the jobs of today and tomorrow means IT leaders must change their hiring biases, broaden their gaze, and offer a workplace that appeals to millennials — because they are the future of cybersecurity.Tomorrow’s leaders will be fluent in languages other than technology. Leadership doesn’t come from the top down, but it does require the soft skills of communicating with people in order to bridge the gap between technology and business, said David Shearer, CEO of (ISC)2.The cybersecurity skills gap is growingWith 1.8 million jobs to fill by 2022, the theme of this year’s Security Congress conference was how to tap into the talent that is all around us to build the leaders of tomorrow. In his welcoming speech, Shearer told the crowd, “You are the leaders of tomorrow.” To attract talent who have the diverse skill sets needed to move the cybersecurity industry forward, IT leaders need to retrain their brains. Filling the skills gap is about more than translating the language of technology into business speak. It’s about including everyone in the conversation and realizing the potential to influence and inspire those around you.Enterprises can start by replacing “booth babes” with students interested in IT and security through #brainbabes, a thought leadership platform founded by Deidre Diamond, founder of CyberSN — a cybersecurity staffing agency. Rebrand corporate culture and imageTake an honest look at your corporate culture, and identify what needs to change in order to build a welcoming, inclusive, transparent and supportive workplace where people are rewarded on merit and inspired to be creative and innovative in their thinking.The cybersecurity industry is more than a kid in hoodie on a laptop, and it’s the duty of today’s leaders to rebrand the cyber image, said Diamond.While job seekers can find mentors and self-promote themselves by networking and attending industry events, the industry also has to be more realistic when it comes to their job postings for entry-level positions.Stop looking for unicornsWhere so much of the process is broken, industry leaders need to bridge more than language gaps. They need to manage their expectations and break down the silos, said Wesley Simpson, COO of (ISC)2.Breaking down silos means embracing diversity. When most people in secuirty come from an IT background, Simpson said, you start to get a lot of people who look the same and have the same experience.“Millennials are the most diverse generation of our time, but the millennials also represent a very small portion of the cyber workforce. When all the baby boomers retire, that shortage will be filled by millennials,” he said. Recognizing that not everyone is going to have the required five years of experience that companies are looking for, hiring managers need to start pulling from non-traditional sources.Limiting the search to a computer science major with these credentials, certifications, and years of experience is a losing strategy.Give people in other departments a chanceTalent is sometimes hidden right in front of you, and when you start to look within your own organization — beyond the IT and security departments — you will find individuals who are ready for a change.“They are known quantities that know your business and know the products. Give them a chance by investing in them. We need all those skill sets — from human resources to marketing,” Simpson said. And don’t be afraid to look at the arts. The irony of this — my final post for CSO Online — being about finding a job in cybersecurity is not lost on me.Having an arts background has given me the ability to find the story inside the technology. Though I’m deeply saddened that I’ll no longer be telling those stories here on the Security Newb blog, I am excited about the future opportunities available to me in this industry. Related content feature Vulnerability vs. risk: Knowing the difference improves security Conflating security terms evokes fear but doesn't help security newbs understand the difference between vulnerabilities and actual risks. By Kacy Zurkus Sep 26, 2017 3 mins Risk Management Vulnerabilities IT Leadership opinion What the Equifax breach means to me — an end user perspective Recovery and resiliency or apathy. Which will prevail now that most everyone's PII has been exposed in another massive breach? By Kacy Zurkus Sep 15, 2017 4 mins Cyberattacks DLP Software Internet Security opinion Abandoned mobile apps, domain names raise information security risks When app creators abandon domains for bigger, better deals, what happens to all the app-specific data? By Kacy Zurkus Sep 08, 2017 3 mins Access Control Data and Information Security Vulnerabilities feature Security chatbot empowers junior analysts, helps fill cybersecurity gap Endgame's Artemis eliminate syntax or query language, allowing junior analysts to communicate with the network more intuitively to find security issues. By Kacy Zurkus Aug 31, 2017 3 mins IT Jobs IT Skills Network Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe