As the international cyber landscape continues to evolve, we will never hire enough talent - that is why it is so important for us to all create talent for cybersecurity. Because of this dire and growing need, enterprise security leaders must invest in future cyber talent, while also taking the appropriate steps to train their existing workforce and new hires in both offensive and defensive cyber skills.
Finding cyber talent in unexpected places
Many may believe that only those with backgrounds in cybersecurity are fit for this role, but in reality, anyone with an affinity for coding and puzzle-solving can be a successful candidate. Some of our best cyber specialists are math and music majors. In cyber what matters is curiosity, diversity and persistence. As the cyber field is a fast-paced industry, candidates must also be able to think quickly and strategically while remaining cool under pressure.
While hiring untraditional candidates helps to fill the gap now, we must look toward long-term solutions to eliminate the skills gap entirely. Schools like the new Alabama School of Cyber Technology and Engineering (ASCTE) – a fully public, residential high school for students seeking advanced studies in engineering and cyber technology – are a great first step in accomplishing this goal. By building initial interest in cybersecurity and engineering, and then fostering that interest through tailored curriculum and strong mentorships, we will be able to build a strong future cyber-secure workforce that can keep our most sensitive information and networks safe from adversarial actors.
Understanding today’s threat landscape
It is extremely encouraging that our current cyber defenders are optimistic about their future career paths. However, we cannot let this current satisfaction drive complacency when it comes to cybersecurity hiring and training. While our workforce is completely capable of addressing global cyber threats, our adversaries are also working to advance their technologies at a rapid pace.
Knowing this, the current skills gap becomes even more daunting. If we’re unable to attract strong cyber candidates over the next decade, we will become vulnerable to these malicious actors, putting our strong cybersecurity posture at risk. To mitigate this potential scenario, we must continue to invest in cyber education. Schools like the ASCTE will prepare high school students to enter elite STEM universities that bolster talent for various cybersecurity career paths. More broadly, if an influx of students are introduced to cyber concepts at a young age, they will procure strong background knowledge that, when they enter the workforce, will allow them to hit the ground running and push our nation forward in the global security landscape.
Fostering professional growth
Employee support and career development should always be top of mind for organizations, and no matter how big an organization is, it must foster a corporate culture rooted in employee wellbeing. Too often in fast-paced industries like cybersecurity, chief information security officers (CISOs) become focused on the results, without considering how the steps taken to achieve a favorable outcome will affect their team. This disconnect can be overhauled in a few ways, but it starts with clear communication between employees and management. Messages should not flow in one direction; instead security leaders should encourage open dialogue within teams, as this will make everyone feel more supported and driven to accomplish the set goals.
In the end, we cannot deny the correlation between employee wellbeing and company performance, especially during these pandemic times. Security professionals in a position of leadership across industries must work to integrate a people-first culture that provides clear direction, focuses on operational excellence and has the flexibility to institute necessary changes. This effort, coupled with an ongoing effort to recruit and train future leaders, will create a strong workforce environment that will drive better performance and results, ensuring that nothing slips through the cracks and U.S. networks continuously and actively defend against all malicious attackers.