
Is there really a cybersecurity skills shortage?

By Tom Kranz
The 'People' Part of Enterprise Cybersecurity Strategies
July 9, 2020

Companies are struggling to find cybersecurity talent, and roles remain unfilled for months at a time. But is there really a lack of qualified candidates on the market? Is the problem with the lack of skills - or are we inadvertently limiting the talent pool before we even post the job spec?

Over the last few years, I've helped several companies grow their cybersecurity teams. There is a huge pool of untapped talent out there: the key is working out the right approach to get these people hired. Let’s look at five simple ways we can expand our pool of candidates, and increase our ability to hire the right people.

Requiring a degree

I keep seeing this as the biggest barrier companies face when trying to hire cybersecurity talent. This is an attitude that belongs firmly in the last century. "Must have a BSc or advanced degree" goes hand in hand with "Why can't we find the candidates we need?" The best security people I have worked with had no degrees. The great ones never finished high school.

Someone who has spent four years teaching themselves security, or has earned that experience on a job, will always be more motivated, skilled, and valuable to your company than someone who has spent four years attending lectures. There are more of the former out there, too.

By looking for provable skills and real-world experience over that University parchment, we instantly get an increase in quality candidates who have the security skills our company needs.

Hire for ability, not certificates

Cybersecurity, as an industry, is facing familiar challenges on how to formalize recognition as a profession. There is an acronym soup of vendor certifications that has sprung up, which makes it very difficult to work out what real skills someone has.

Instead of focusing on certifications, ask applicants for a portfolio of their work. What code have they shared on GitHub? What tools have they built? Have they presented at any conferences? Are they active in any open source projects?

Good security people work in the industry because it's interesting and fun, so give them a chance to show that off. Get them talking about the conference talk they did, or the neat tool they built. This is real world, applicable experience that is vastly more valuable than answering 40 multiple choice questions in an hour.

Interview with a case study, not a list of questions

Building on the previous point, it is time to retire the “question and answer” interview. We all carry smartphones and we can all use Google. No one needs to know the difference between a virus and a Trojan off the top of their head.

Instead, take a leaf out of the big consultancies' books. Give candidates a case study -- a problem to solve on a whiteboard, in real time, as their interview. Regardless of skill or experience level, it gives them a chance to showcase their abilities and thought processes. As interviewers, we get a much better idea of how candidates approach real world problems, whether they will be a good cultural fit and where their strengths and weaknesses lie.

When I introduced case study interviews at one organization, I saw a 160-percent growth in the team in 12 months, with retention rates at 100 percent. Case study interviews don't just land the right candidates -- they land candidates who want to stay.

Expand location expectations

COVID-19 has made it painfully clear that not only are companies able to support remote working, but that remote working actually increases the productivity and mental health of employees. Whether lockdown or travel restrictions ease or not, all companies should be embracing remote working and geographically diverse teams.

The moment a role is advertised that must be within commuting distance of a specific city, the pool of suitable candidates has been shrunk. If the goal is to attract the top skills to our company, expecting employees to be local is going to limit our options and weed out some great candidates.

Cross-train and cross-hire from other IT disciplines

Cybersecurity in particular touches not just all aspects of IT, but also finance, and business processes. Many companies fall into the trap of looking for unicorn candidates who already have all of this experience -- and then find themselves frustrated: there aren't that many people out there with the full skillset and the market is paying top money for them.

Instead, look to internal teams. A network engineer who has been working on firewalls and DDoS protection is a prime candidate for cross-training into a security engineering role. A finance person who has been auditing processes could be a good fit to train up into a governance role.

There is plenty of talent out there: by taking a different approach to the hiring process, we can ensure we attract the candidates with the skills and attitudes we need.

KEYWORDS: cyber security cybersecurity skills gap information security remote work


Tom Kranz's career has spanned almost 30 years, as a Cybersecurity and IT consultant.  After a successful career helping UK Government departments and private sector clients (including Betfair, Accenture, Sainsburys, Fidelity International, and Toyota), Tom now advises and supports organizations on their Cybersecurity strategy and challenges.
