We’ve all heard about the cyber skills gap by now. As cyber adversaries grow more advanced and organizations struggle to manage these evolving threats, cybersecurity jobs are getting harder to fill. There are an estimated 2.9 million unfilled openings worldwide, with half a million in North America alone. Meanwhile, 60% of organizations say it takes at least three months to fill an open cybersecurity position.

But what isn’t often talked about is the idea that this gap is not really an industry problem, nor is it the responsibility of job applicants to fill. I believe that responsibility for resolving the skills gap falls squarely on the shoulders of companies and business leaders. Only by taking ownership of this crucial issue and embracing it can companies begin to effectively address it. No matter who you hire, there will likely be a significant gap between their initial skills and the precise skills your organization needs.

Universities, especially those with dedicated cybersecurity programs, can provide a solid educational grounding. However, graduates must still face intense on-the-job training in order to understand a company's particular security environment and needs. Business leaders must shift their expectations and focus on three basic principles to help address this issue: hire for values, not skills; upskill current employees with an effective learning culture; and invest in future generations of cyber defenders.

Hire for Values and Use Robust Training to Fill in Gaps

When hiring
cybersecurity talent, it’s unreasonable to expect a perfect technical fit right
away. This is why I believe that recruiting based on values is so important.
Rather than seeking out specific knowledge, we look for four attributes in all
candidates: accountability, helpfulness, adaptability and focus. From there, we
see it as our responsibility to fill in the gaps with hands-on training. The
idea of a new employee being productive on day one is a myth and can often be
harmful. Instead, companies must expect a learning curve with new hires and
invest in crucial ramp-up time to give them room to acclimate to a specific
work environment, whether their job is in cybersecurity or not.

As a platform for
proactive security model management, ReliaQuest has a unique view into hundreds
of security environments at some of the biggest companies in the world, which
helps us train new hires for the big leagues from the start. We can reproduce
the most challenging security scenarios over and over by rebuilding them in a
simulated environment. This means that when new team members start, they see
these difficult instances 18 times a day. They can learn in five weeks what
would typically take 14-16 months. While not all companies have this kind of insight,
they can still utilize this type of “learning over the shoulder” training
within the specific security environment of the company. This kind of robust
new hire training has decreased our employee ramp-up time by 70 percent,
allowing us to staff up quickly to meet customer demand.

Upskill Current Employees with Performance-Based Training

Once this new hire
training is complete, a company’s job of educating its employees has only just
begun. We’ve implemented ReliaQuest University, the company’s dedicated
upskilling arm, to continue elevating our employees beyond week one. This
ongoing, performance-based training helps our team keep up their technical
skills and, crucially, learn how to perform in high-pressure situations.

Imagine a batting cage. Sports
trainers in baseball and beyond do everything they can to put athletes in
game-time scenarios. But while batting cages create the experience of having
high-speed balls thrown at a player, what’s missing are the adrenaline and high
pressure of game time. This is where advanced security simulations are
impactful. They give employees the technical knowledge they need while also
teaching them how to respond when things go wrong in a variety of situations.

Implementing
performance-based training in this way has helped us to cultivate essential
cyber skills within our own teams and, in turn, promote from within rather than
seek out new talent. We’ve promoted from within the company 47 times in 2017
and 70 times in 2018.

Invest in the Next Generation of Security Pros

As cybersecurity becomes
integral to the safety of both our business and personal lives, it’s our
responsibility to train not only our current employees but the next generation.
I take this responsibility very seriously. In 2018, we invested in establishing
the ReliaQuest Cybersecurity Labs at the University of South Florida (USF),
committing $1 million to the program over five years. Our goal is to inspire
young adults and provide them with opportunities to learn more about
cybersecurity. The simulation lab provides students with core technical
knowledge through 4-week long classes taught by professors and security experts
and is open to anyone at the university. Thirty students graduated from the
Labs in the fall of 2018, and we were thrilled to hire 11 of them.

Our team is also
investing in a younger generation through our support of Junior Achievement,
which has exposed around 14,000 5th graders and 19,000 middle schoolers to the
cyber industry.

Embrace the Skills Gap and Collaborate Across Industries

The cyber skills gap
isn’t going to disappear on its own. It’s time to embrace it and take
responsibility for it. It’s up to all of us to take someone who has the desire
and ability to learn and provide them with continuous training and development.
This enables them to grow their career and ensures that our organizations are
defended from a growing number of cyber threats.

What is learned in a
training environment and what’s needed in a real-world scenario are two very
different things. This is where it’s our responsibility to fill the gap. Some
major private and public organizations are already taking the initiative and
working to address these problems. For example, the Cybersecurity Talent
Initiative pairs private sector
agencies like the FBI and the DoD with Microsoft, Workday and Mastercard to
train cybersecurity professionals, secure jobs for them and even help pay off
their student debt. This kind of cross-sector, creative collaboration coupled
with internal ownership of the skills gap will go a long way to address this
issue and make the internet a safer place for businesses worldwide.