As veteran cyber professionals approach retirement, the industry faces the risk of being caught unprepared for the loss of talent. Organizations currently employing these professionals aren’t the only ones who need to prepare — as experienced professionals vacate their roles, many cyber workers will seek to fill these roles, potentially leaving positions unfilled all across the industry. To lessen the blow of this shift, organizations can prepare now by seeking emerging talent and taking steps to retain current workers.

Seeking emerging talent

As vacancies grow, organizations should consider an often-ignored pool of talent: the emerging cyber professional workforce.

Emerging cyber talent is often an untapped resource, says Sergio Tenreiro de Magalhaes, Chief Learning Officer at Champlain College Online. Tenreiro de Magalhaes uses his previous experience in the cybersecurity space to support student success, especially in fields such as cybersecurity, digital forensics, and computer science.

“If you're a young student who doesn't have a lot of professional experience, or if your background is in industries where the cybersecurity presence is not big, then it can be really complicated to land the first job. It’s the well-known paradox of the entry level experience: a lot of companies ask for experience to get entry level jobs, and if you don't have the experience, you can't land the entry level job.”

According to Tenreiro de Magalhaes, emerging cyber professionals can struggle to land roles due to a lack of experience, causing a cycle that is difficult for them to escape — without a cybersecurity role, how are emerging professionals going to gain experience that organizations want to see before hiring them?

While many organizations may see hiring newer talent as “taking a gamble,” Tenreiro de Magalhaes encourages them to take that chance.

“Hiring a person is always a gamble. It doesn’t matter if the person is brand new to the field or if they have 20 years of experience; there’s always a gambling component,” Tenreiro de Magalhaes remarks. “Even if we check all of the references and the candidate was great in prior organizations, there might be a culture shock. They might not fit in with the organization. No matter what, the hiring process itself is taking a gamble.”

Security leaders considering new talent don’t have to blindly hire them. Instead, they can assess the candidate’s aptitude during the interview process to better understand their capabilities and chances of fitting in well with the role.

Tenreiro de Magalhaes explains, “When organizations are trying to hire less-experienced cybersecurity professionals, they oftentimes go through the same hiring process that applies to most other positions. In my opinion, this has to be approached in a different way. If you are trying to hire someone with less experience, it is important that instead of asking for their resume, you ask for their portfolio.”

By reviewing the portfolio of emerging talent rather than a resume, hiring professionals can gain a better grasp of the candidate’s knowledge outside of their limited professional experience.

For emerging cyber professionals who may be seeking new roles, Melissa Rhodes, Vice President of Human Resources at Nightwing, shares insights into the hiring process.

When seeking a new role, developing competitive skills can set you apart from the competition. Rhodes states, “Being strong in the cybersecurity arena is a fairly common skillset today. A differentiator in today’s market is looking at how to apply artificial intelligence or machine learning to those skillsets in a safe way. That, I think, is the biggest corner-turning opportunity for cyber professionals in the current market.”

Apart from developing skills, prospective job seekers should also consider their social media presence.

“Building connections and networking are really essential,” Rhodes states. “It’s important not only for finding jobs, but also for staying connected on the newest developments that are happening in the field.”

Retain current workers

Bringing in new talent can be essential for growth; however, organizations shouldn’t neglect their current staff. While cyber professionals may inevitably leave to retire or seek new opportunities, organizations can minimize affects from vacated roles by retaining workers and preventing mass resignations.

Bindu Sundaresan, Director of Cybersecurity at LevelBlue, believes internal collaboration between cybersecurity professionals and business leaders can improve job satisfaction for cyber workers, thus increasing retention.

“Oftentimes, you only notice the cyber team when something goes wrong. All of the times they were doing things correctly, they were never really given attention. But the moment a breach happens, there’s fingers pointing back at the cyber team,” Sundaresan reflects. “From the point of view of job satisfaction for a cyber professional, I think the key is collaboration between the business side and the cyber side of the organization. Having that acknowledgement and connection between the cyber team and the business team elevates a security team’s job satisfaction and makes them feel supported and valued.”

Another way to improve job satisfaction on cybersecurity teams is to bring individuals with diverse perspectives onto the team.

“Fostering a diverse team is truly about representation of diverse thoughts and the ability for us to represent the society we live in,” Sundaresan says. “The fact that we seem to overlook a whole subset of the population in technology-oriented jobs means we are missing their insights. For instance, there’s ethos, pathos and logos involved when a phishing email is created. Having diverse sensitivities and a team that can draw from those experiences creates a better security culture and a stronger program.”

Hiring and retaining the cyber workforce

Talent will come and go, but by seeking emerging talent and improving job satisfaction of current team members, organizations can prevent being blindsided by an unexpected talent vacuum. By partnering with local universities, organizations can tap into regular streams of emerging talent to ensure their security teams are never empty. Once the positions are filled, it’s up to organizational leaders to ensure workers feel valued in their roles in order to keep the cyber team going strong.