• United States



Embrace This Opportunity to Attract New Cybersecurity Talent

Feb 09, 20235 mins
IT Leadership

istock 1169929038
Credit: iStock

Ask nearly any security leader whether they have adequate resources to protect their organization effectively and consistently, and you’ll likely hear an emphatic “No.” Given that an estimated 3.4 million people are needed to fill the global cybersecurity workforce gap, it’s no surprise that CISOs feel that they need more staff to safeguard their networks, let alone focus on more strategic priorities. And nearly 70% of leaders say this skills gap creates additional cyber risks for their business.  

At the same time, some technology companies are beginning to reduce their payrolls as economic growth slows. In fact, several of the world’s largest tech organizations have laid off over 150,000 employees in recent months. These organizational changes represent an opportunity for companies looking to fill cybersecurity roles.

Now more than ever, there are qualified job seekers on the market, many of which are likely strong candidates for security-related positions. Although many of these candidates don’t have a degree or previous work experience related to cybersecurity, the good news is that there are multiple avenues for helping to upskill or reskill candidates who possess other traits that make them a strong fit for a security role.

Four Key Considerations for Attracting and Retaining Cybersecurity Professionals

In the past, organizations have focused on recruiting “traditional” candidates—or those with four-year degrees in cybersecurity and previous related work experience—to fill open roles. Yet given the talent gap in the industry, it’s essential to look beyond those with existing cybersecurity experience and consider an expanded talent pool to help fill critical positions.

There are a variety of unique recruitment approaches that employers can take when searching for cybersecurity talent. Here are several ideas for security leaders and their human resources teams to consider.

Identify Existing Employees Who Can Be Reskilled or Upskilled

Before assuming you need an external candidate to fill a particular role, look inside your organization to identify existing employees who can be reskilled or upskilled. This is a great way to grow new cybersecurity talent and support overall talent retention. A study shows that the likelihood an employee stays with their current company decreases as the years pass, but an employee who makes a lateral move has a 62% higher chance of staying with that organization. It is no surprise that employees who feel their employer is investing in them are more apt to remain at a company.

As an industry, we also need to support and create more opportunities for women, veterans, and other underserved populations in cybersecurity. What better place to look for these candidates than within the walls of your organization?

Think outside a “Four-Year Degree Only” Requirement

One of the mistakes organizations make when looking for cybersecurity talent is to view a four-year degree as the only validation of experience for many or all of their open cybersecurity roles. Years ago, this was a must-have credential for anyone seeking a security-related position. Today, there are many paths an individual can take to acquire the knowledge and skills necessary to work in cybersecurity, such as on-the-job training and self-paced education programs.

Industry certifications are often a strong validation of an individual’s skills. According to the Fortinet 2022 Cybersecurity Skills Gap Global Research Report, 81% of surveyed organizations look for candidates with certifications and cybersecurity training. And 95% of decision makers say that employees with technology-focused certifications positively impact their company. These third-party certifications provide employers and hiring managers with external validation that a candidate possesses critical cybersecurity awareness and knowledge.

Prioritize Soft Skills

In addition to understanding network security controls and incident response frameworks, cybersecurity professionals should possess many soft skills that can be just as important as—or even more important than—technical skills. According to a review of cybersecurity analyst job listings posted on LinkedIn and Indeed, some of the top soft skills listed include communication, collaboration, risk management, adaptability, and critical thinking.

Tap into New Talent Pools

A Pew Research Center study found that 53% of adults who quit their jobs in 2021 also changed their respective fields of work. This high percentage of professionals seeking to change careers represents a significant opportunity for security leaders.

One way to tap into this pool of individuals interested in a career change is to partner with and recruit from existing cybersecurity reskilling programs. For example, through the Fortinet Training Institute, Fortinet partners with Women in Cybersecurity (WiCyS) and other organizations focused on diversifying the industry by providing training and mentoring programs to expose more individuals from underrepresented groups to cybersecurity. Additionally, Fortinet works with IBM SkillsBuild to offer free learning opportunities for individuals to develop skills, reskill, or upskill to pursue a role in cybersecurity, and then connects learners to various employers to jump start their careers.

Closing the Cybersecurity Skill Gap

With a talent shortage and many unfilled roles, the cybersecurity industry continues to offer job seekers exciting new opportunities, even amid a slowing economy. And with more professionals searching for new roles, now is the time for organizations to broaden their recruitment efforts, sourcing candidates from an expanded talent pool and considering professionals from “non-traditional” backgrounds. By embracing new recruitment ideas and strategies, business leaders can fill open roles, diversify their teams, and strengthen the organization’s security posture.

Find out more about how Fortinet’s Training Advancement Agenda (TAA) and Training Institute programs—including the NSE Certification programAcademic Partner program, and Education Outreach program with a focus on women, veterans and more —are increasing access to training to help solve the cyber skills gap.