Cybersecurity And The Workplace: Part 3
Confronting Cybersecurity Workforce Shortages Through Flexible Hiring and Retention Strategies
From hybrid and remote work, to the Great Resignation and greater emphasis on Diversity, Equity, and Inclusion (DEI) initiatives, the modern workplace is undergoing systemic changes. Discussions surrounding these dynamic shifts in the workplace are often viewed from an economic or HR perspective while less attention has been devoted to the cybersecurity impact of these workplace trends. This blog post is the third in a series which aims to breakdown the cybersecurity implications of current trends in the workplace. For additional reading, check out our first two blog posts on employee burnout and the Great Resignation.
Cybersecurity Workforce Shortages
The Great Resignation compounded by the persistent global cybersecurity workforce shortage has left organizations struggling to attract and retain cyber talent. Identifying innovative ways to remain competitive in the cybersecurity job market is crucial for an organizations' operational security and resiliency.
Globally, there is an estimated shortage of 2.72 million cybersecurity professionals. While the global cybersecurity workforce grew by 700,000 from 2020 to 2021, demand continues to outpace supply, creating significant hiring and retention challenges for organizations across sectors. This shortage of cybersecurity personnel presents significant security implications for organizations operating with understaffed and overworked cyber teams. According to the latest 2021 (ISC)² Cybersecurity Workforce Study, 60% of surveyed organizations stated they faced direct risks due to cybersecurity staffing shortages.
Flexibility in Hiring and Retaining Employees
Confronting cybersecurity staffing shortage requires organizations to deploy flexible and creative strategies to attract and retain talent. When it comes to hiring, organizations should consider expanding their pool of qualified candidates during the application process. As the shortage of trained cyber professionals continues to outpace demand, hiring managers should shift their focus towards hiring individuals who are trainable, motivated to learn, and have transferable skills, regardless of whether they have formal training or experience in the field. Such transferable skills include critical thinking, problem-solving, attention to detail, data analysis, working well under pressure, and the ability to communicate as well as collaborate with diverse stakeholders.
Alongside external hiring, organizations should also place an increased emphasis on promoting from within the organization by providing current employees the necessary training and education in cybersecurity to make a career transition. One such strategy organizations can consider implementing is a rotation that provides non-security staff exposure to information security positions for a designated period of time. For starters, many IT staff, while different from information security, typically possess the baseline technical knowledge to easily transition into cybersecurity roles with the appropriate level of training and education. However, non-security staff with appropriate transferable skills and a motivation to learn are equally viable candidates for such an initiative.
Beyond hiring, offering flexible work hours and locations, especially as many firms are beginning to implement Return to Office (RTO) policies, is another strategy organizations can lean on to remain competitive in the current job market. Flexible work schedules are a proven way to attract and retain talent. However, as COVID-19 wanes and organizations begin returning to the office, this has the potential to negatively impact staff retention, especially for high demand positions like cybersecurity. By continuing to offer flexible work schedules for cybersecurity positions, organizations will be able to entice workers to remain at the organization while also attract new cybersecurity hires who are leaving organizations in search of more flexible work schedules in the RTO era.
Although the cybersecurity shortage will remain a challenge for years to come, reshaping the way in which your organization approaches the labor gap through flexible hiring and retention strategies is a key step in addressing this disequilibrium of supply and demand.
How we help
ACA Aponix® helps firms to stay on top of their cybersecurity programs. Contact us discuss how we can help assess and strengthen your current program to prevent cyber-attacks caused by workforce shortages.