Competition for tech talent is hotter than ever, fueled by technological growth. As new research has found, security organizations are feeling this acutely, particularly in light of recent cyberattacks. High-profile hacks targeting organizations from the Ascension health system to the UK Ministry of Defence payroll system highlight the need for tech-savvy talent.

Beset by challenges such as outdated employee value propositions, prescriptive career paths, and low pay, security organizations often struggle to attract this type of talent. Even with improvements to purpose, progression, and pay, outmoded recruitment strategies, strict vetting procedures and reluctance to change staff entry levels can undermine efforts to upskill. So what’s the solution?

Addressing the elephant in the room

It’s a universally acknowledged truth that many security roles are stifled by stringent vetting policies. Originating in the 1940s, these policies don’t always reflect dynamic societal shifts. Recruits are left in limbo while security clearances are confirmed, and many drop out of the pipeline before they see the light at the end. Vetting is just as restrictive for those who leave security roles and want to return, but a “one-way door” for leavers can shut out new perspectives gained from outside experiences.

To revamp vetting, security organizations can look back to move forward, understand how vetting has evolved (or hasn’t), and update processes for a fast-paced world. In practice, this means adjusting clearances for less sensitive roles, and thinking about how to maintain clearances so people can be called on as required. Employees who leave well can rejoin well, and bring new skills with them to aid upskilling efforts.

Find skills in surprising places

In addition to revamped vetting, security leaders must remember that talent doesn’t always have to come from STEM grad schemes. Aptitude-based recruitment is a non-traditional approach that can help organisations obtain aligned and often surprising skillsets.

A keen crocheter, for example, can create patterns in a way that aligns to coding. Applying this type of aptitude lens to the recruitment process helps create a more diverse workforce, including for neurodiversity, gender and background. To reach diverse talent, tailoring the language used in job specifications, such as using inclusive language and reducing “must-have” requirements, is crucial. Organizations can also develop accessible learning models and upskilling programmes, such as immersive learning and gamification, that enable people to learn in “safe to fail” environments. Focusing on strengths in training — and, importantly, day-to-day work — will incentivise people to stay, boosting retention.

Talent can also be exported from citizens: just look at Bellingcat, the citizen-led research collaboration, or Sweden’s Total Defence approach, inspiring Swedes to become stakeholders in security. Taking a more holistic, whole-of-society approach helps organizations to spot inter-dependencies, find and upskill new talent, and draw on a wider range of resources.

For example, in the U.K., the government could consider adapting its existing military reserve model to enable civilian contributions as part of a whole-of-society security approach. If the vetting model became more flexible, civilian staff leaving full-time employment might still be able to contribute to national security through a lighter commitment. This could also allow those from outside government to share expertise on a minimal commitment basis, much like they do with other organizations through non-executive roles. This would widen the talent pool to include those later in their careers who want to add a national security contribution to their legacy, but are currently excluded by the focus on those at the start of their professional lives.

Use what you have

To take advantage of available talent, organizations can enhance the skills of current staff and those joining laterally from other departments or teams. Exporting talent between different departments and organizations requires changing defined career paths in favour of flexibility. This enables new thinking, different perspectives and beneficial cross-referencing between solutions applied elsewhere. It also allows staff to build on prior learning and pursue their unique areas of interest and strengths, which supports long-term upskilling.

Taking this approach to the wider security ecosystem, organizations could share skilled employees, aided by common career pathways, aptitude tests and joint selection frameworks co-developed through shared language and systems. The Defence Nuclear Enterprise’s latest strategy report, for example, looks at shifting from a talent ownership model to one of shared benefit, creating robust structures for individuals to move between teams. 

Don't underestimate the power of new thinking

Upskilling is an important element of making use of available talent. Rather than one-off training days and click-through courses, effective upskilling focuses on continuous, whole-life learning — because the skills learned today don’t always answer tomorrow’s problems.&

To gain the necessary tech skills, security organizations must therefore revamp vetting, adopt non-traditional recruitment strategies and optimize existing talent through life-long upskilling. When recruitment policies were first created, the landscape was inherently different, which is why security organizations struggle to keep up with tech acceleration. But if they invest in optimizing their approach to closing the tech talent gap, they will strengthen the security ecosystem as a whole and create a secure future.