• United States




Searching for unicorns: Managing expectations to find cybersecurity talent

News Analysis
Sep 29, 20174 mins
CareersIT LeadershipIT Skills

Finding the cybersecurity leaders of tomorrow means being realistic about job descriptions and providing training and mentoring for non-traditional tech people.

Attrition is up, and cyber attacks are on the rise. With continued burnout and a growing skills gap in an industry where mentorship is a lost art, how can enterprises prepare for resiliency?

Feeding the pipeline to fill the jobs of today and tomorrow means IT leaders must change their hiring biases, broaden their gaze, and offer a workplace that appeals to millennials — because they are the future of cybersecurity.

Tomorrow’s leaders will be fluent in languages other than technology. Leadership doesn’t come from the top down, but it does require the soft skills of communicating with people in order to bridge the gap between technology and business, said David Shearer, CEO of (ISC)2.

The cybersecurity skills gap is growing

With 1.8 million jobs to fill by 2022, the theme of this year’s Security Congress conference was how to tap into the talent that is all around us to build the leaders of tomorrow. In his welcoming speech, Shearer told the crowd, “You are the leaders of tomorrow.”

To attract talent who have the diverse skill sets needed to move the cybersecurity industry forward, IT leaders need to retrain their brains. Filling the skills gap is about more than translating the language of technology into business speak. It’s about including everyone in the conversation and realizing the potential to influence and inspire those around you.

Enterprises can start by replacing “booth babes” with students interested in IT and security through #brainbabes, a thought leadership platform founded by Deidre Diamond, founder of CyberSN — a cybersecurity staffing agency.

Rebrand corporate culture and image

Take an honest look at your corporate culture, and identify what needs to change in order to build a welcoming, inclusive, transparent and supportive workplace where people are rewarded on merit and inspired to be creative and innovative in their thinking.

The cybersecurity industry is more than a kid in hoodie on a laptop, and it’s the duty of today’s leaders to rebrand the cyber image, said Diamond.

While job seekers can find mentors and self-promote themselves by networking and attending industry events, the industry also has to be more realistic when it comes to their job postings for entry-level positions.

Stop looking for unicorns

Where so much of the process is broken, industry leaders need to bridge more than language gaps. They need to manage their expectations and break down the silos, said Wesley Simpson, COO of (ISC)2.

Breaking down silos means embracing diversity. When most people in secuirty come from an IT background, Simpson said, you start to get a lot of people who look the same and have the same experience.

“Millennials are the most diverse generation of our time, but the millennials also represent a very small portion of the cyber workforce. When all the baby boomers retire, that shortage will be filled by millennials,” he said.

Recognizing that not everyone is going to have the required five years of experience that companies are looking for, hiring managers need to start pulling from non-traditional sources.

Limiting the search to a computer science major with these credentials, certifications, and years of experience is a losing strategy.

Give people in other departments a chance

Talent is sometimes hidden right in front of you, and when you start to look within your own organization — beyond the IT and security departments — you will find individuals who are ready for a change.

“They are known quantities that know your business and know the products. Give them a chance by investing in them. We need all those skill sets — from human resources to marketing,” Simpson said.

And don’t be afraid to look at the arts. The irony of this — my final post for CSO Online — being about finding a job in cybersecurity is not lost on me.

Having an arts background has given me the ability to find the story inside the technology. Though I’m deeply saddened that I’ll no longer be telling those stories here on the Security Newb blog, I am excited about the future opportunities available to me in this industry. 


Kacy Zurkus is a freelance writer for CSO and has contributed to several other publications including The Parallax, and K12 Tech Decisions. She covers a variety of security and risk topics as well as technology in education, privacy and dating. She has also self-published a memoir, Finding My Way Home: A Memoir about Life, Love, and Family under the pseudonym "C.K. O'Neil."

Zurkus has nearly 20 years experience as a high school teacher on English and holds an MFA in Creative Writing from Lesley University (2011). She earned a Master's in Education from University of Massachusetts (1999) and a BA in English from Regis College (1996). Recently, The University of Southern California invited Zurkus to give a guest lecture on social engineering.

The opinions expressed in this blog are those of Kacy Zurkus and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author