Bridging the cybersecurity skills gap with in-house training

By now, the majority of industry professionals are aware of the cybersecurity skills gap and its impact on organisations’ abilities to consistently protect their data and networks. The coronavirus pandemic has only amplified the issue, manifesting the economic strain that has forced many business leaders to make budget cuts and furlough or even lay off, critical employees. Meanwhile, cybercriminals saw the pandemic as an excellent opportunity to execute attacks on vulnerable networks as more employees shifted to remote work.

The cybersecurity skills gap: Implications for 2021 and beyond
In a recent survey of industry leaders, it was found that 68 per cent of responding organisations struggled with recruiting, hiring, and retaining cybersecurity talent. For such a critical branch of business, it’s an alarming statistic. Perhaps even more troubling was the discovery that 73 per cent of surveyed organisations had experienced at least one intrusion over the past year that could be partially or wholly attributed to the cybersecurity skills gap.

When organisations lack a large enough team of qualified, experienced cybersecurity professionals, their networks, customer data, and even operational technology are far more vulnerable to threats. At the same time, the number – and level of sophistication – of cyberattacks on commercial businesses is steadily climbing. When successful, such attacks can be debilitating, costing hundreds of thousands of dollars in downtime or reparations. To help address this risk, organisations must shift their mindset away from traditional hiring and work to implement new, agile solutions that leverage untapped resources, without burning out their employees. Organisations should invest in reskilling and upskilling current employees, which can effectively help bridge the skills gap.

Identifying the right individuals for the job
One of the biggest issues in cybersecurity hiring has to do with the sets of skills and attributes hiring managers believe are mandatory in a “qualified” individual. All too often, these wish lists grow much longer than what any individual could have possibly attained throughout a 5-, 7-, or even 10-year career in the industry. Worse, hiring according to a set list of qualifications tends to rule out some of the most talented and capable recent graduates – those who are eager to learn and most excited about the profession.

By restructuring the hiring model to prioritise innate strengths over “X years of experience,” organisations will end up with employees who are happier to do their jobs and fit in more seamlessly with the rest of the team. Interviewing for, say, communication skills and leadership ability, analytic sharpness, level of comfort with abstract ideas, mathematical and modelling skills, independence and autonomy, and other such “soft” skills may reveal much more about a candidate’s chances for long-term success than his or her resume alone.

Then, organisations must put programs in place for on-post training, whereby talented and new hires pick up the technical, hands-on skills they need to monitor networks and mitigate threats. But this should not be the sole focus of these cybersecurity training programs.

Even tenured employees appreciate and benefit greatly from opportunities for continued education, whether via in-person or online courses, seminars, or conferences. Many organisations have found some of their best cybersecurity professionals by looking elsewhere in their IT departments, encouraging individuals who may no longer be stimulated in their current roles to move laterally into a cybersecurity position by completing training programs and/or certifications. These workers bring a new, fresh perspective, benefiting the organisation in more ways than one – this alone demonstrates why upskilling and reskilling should be considered essential when looking to build out security teams.

By implementing cybersecurity training programs for all employees and diversifying the overall hiring strategy, companies across industries will see a marked improvement in their overall security program’s fortitude, as well as a greater degree of employee satisfaction and far less turnover.

Sandra Wheatley is SVP, Customer Marketing, Threat Intelligence and Influencer Communications at Fortinet