Over the past 18 months of the pandemic, there was a major shift in the job market. It went from shut down-induced, massive layoffs to the Great Resignation, with thousands of employees deciding to walk away from their careers.
Companies across industry verticals are scrambling to fill their vacancies.
"The pandemic has forced people across the country to rethink their careers," said Rob T. Lee, chief curriculum director and faculty lead at SANS Institute. "It has created a massive workforce gap, something cybersecurity was already facing before the start of the pandemic."
There are nearly half a million total cybersecurity job openings right now across all disciplines within the industry, according to Cyber Seek data. The skills gap has challenged the industry for years; however, one area where the talent gap is glaring today is the lack of availability for non-technical professionals to gain cybersecurity training for the first time.
Not only are cyberthreats on the rise, they are evolving with technology. AI, for instance, is as likely to be used to launch attacks as to mitigate them, creating a high need for those tech skills.
"Identifying talent gaps in an industry that's moving so fast is a challenge because it's hard to define the exact skills you need," said Chris Reffkin, CISO at HelpSystems.
Think about an IT security role today and then look at how much that job role has expanded in the last two decades. The roles aren't the same. In fact, the landscape is moving so fast that a new college graduate's training is already behind.
However, cybersecurity is one of the few industries made stronger by the pandemic. The quick move to remote work put companies on high alert for increased cyber risk and the need to strengthen the cyber workforce.
"The rise of remote working has opened opportunities in the cybersecurity recruitment market. High performers can now look beyond their local market and work effectively from anywhere," said Reffkin.
Attracting and retaining employees
Anyone with cybersecurity experience has a lot of options and will likely field a number of different offers. The challenge for organizations is to recruit the right talent for their needs. Once the new hire is onboarded, organizations need to keep them happy so they'll stay.
Recruitment begins with expanding the idea of what cybersecurity professionals look like. The cybersecurity industry has not done a good job of addressing its "overwhelming white-ness and male-ness," according to the Aspen Institute.
"A data repository containing sample profiles of successful hires from a wide diversity of experiential, educational, and cultural backgrounds could help hiring managers adjust job requirements and focus on the skills new hires actually need," the Institute said in its report, "Diversity, Equity and Inclusion in Cybersecurity."
The Aspen Institute also suggested a shift in the narrative of who makes a good cybersecurity professional so people can picture themselves in the job. Organizations should write those job descriptions plainly so candidates know exactly what is expected and what the company is looking for.
Cybersecurity professionals expect to make a good salary, so the offer has to be attractive, but it isn't as much of a key factor as one might expect. Many enter the field because they enjoy the variety and the constant change.
"If security professionals don't see a path to evolve their career or be continuously challenged, they'll start looking elsewhere," said Reffkin.
That's when businesses might have to bump up the pay incentives, but in the long run, employees want to be in an organization that makes security a high priority and makes the necessary investments in staff and technology. Being on the cutting edge of new products and ideas will keep employees on staff for years.
Beware of burnout
The Great Resignation happened because workers realized there is more to life than spending years at a company that doesn't appreciate its employees. Cybersecurity was suffering from career burnout long before the pandemic, and that added to the talent shortage.
Burnout must be taken seriously. Having adequate staffing is just part of the solution. Automation tools play a big role in burnout prevention, too.
"So many tasks exist within cybersecurity that are very detailed and tedious. If you can create robust algorithms and code to handle a portion of these necessary tasks, you take a large burden off staff," said Emily Burke, HR director at Nuspire.
The pandemic can be a turning point for finding and retaining cybersecurity talent. Remote work offers flexibility for both sides that wasn't there before. And maybe leadership is learning how to better appreciate its staff.
"If an organization can offer great team dynamics and people, competitive pay, creative benefits, ongoing cutting-edge tech training, and the ability to make an impact and get the 'bad guy,'" said Burke, "why leave?"