Recruiting in the age of the cyber security skills gap

Tech analysts around the world bring up how there’s a severe shortage of cyber security talent in the world.

The lack of people with the required skills sparks numerous challenges for human resources managers and similar professionals. Here are four of them.

1. People may prefer working at tech-centric companies

When people graduate with cyber security qualifications and get ready to present themselves as candidates to employers with openings, they may prioritise submitting their resumes to big-name tech companies, or companies otherwise based firmly in the tech realm. But, the reality is that other types of businesses — from hospitals to retail stores — need cyber security experts on their teams, too.

HR professionals must figure out how to make non-tech companies attractive to tech talent. Doing that might mean altering the company’s long-term plans to ensure technology is an obvious part of the underlying strategy or giving all team members opportunities to grow their tech knowledge through themed lunchtime lectures or tech-related online courses.

It’s crucial for companies to take steps to increase the tech knowledge of all employees to stay competitive. Brookings Institute found that jobs requiring tech skills are rising. That means all members of a company’s workforce could benefit from an emphasis on tech, even if the primary goal of stepping up a tech emphasis is to recruit talent for open positions.

Which UK cities are the most attractive to cyber specialists?

Crucial Academy’s Cyber Security City Ranking reveals the cities best placed to attract cyber talent

2. The skills gap is already substantial

It’s understandable if human resources professionals feel like they’re trying to climb a mountain that keeps getting higher as they attempt to recruit for cyber security roles and other tech-related positions. That’s because statistics indicate there could be as many as 3.5 million unfilled cyber security jobs by 2021. Tech shortages also exist in areas like cloud computing.

Sometimes, professionals can take a proactive approach and start addressing problems before they become significant, but in the case of the tech crisis, it’s already extremely worrisome. Forward-thinking HR professionals are tackling it the best they can, often by going straight to the source of just-trained talent.

More specifically, they’re recruiting at community colleges, sometimes by offering company-sponsored degree programs. Often, the businesses backing those options get to choose from the outgoing graduates before those people even need to enter the job market. This arrangement is appealing to both students who want to land jobs quickly and the companies that desperately need the skills those people have.

3. Communication skills are critical but lacking

Indeed, it’s crucial for cyber security professionals to understand the most recent kinds of malware, how cybercriminals might attack common devices like the Internet of Things (IoT) gadgets or which viruses people should look out for on their smartphones, for example. But, they also need to know how to communicate.

For starters, cyber security experts at every level are most effective when they can clarify why a company’s leaders must prioritise cyber security. After that happens, it’s more likely those superiors can encourage all the workers in the company to incorporate cyber security best practices.

A 2016 poll of managers found 44% cited written communication abilities as the skill recent college graduates most often lacked. Communication skills help cyber security experts explain their findings and go into detail as to why certain identified risks are so crucial to fix.

Strong communication skills could directly impact a company’s cyber security budget.

Will blockchain solve the cyber security skills crisis?

Cyber risks are changing every day, becoming more and more complex. As some look to restructure their organisations, develop new workforce strategies and offer education for employees about new risks, the demand for cyber security professionals and solutions is increasing

It’s also becoming more common for senior cyber security personnel to speak to a company’s board of directors. According to a recent survey, 72% of board members polled reported that their boards of directors were more involved in cyber security now than a year ago. That means cyber security professionals must be able to submit written briefings to board members or be confident if called upon to give in-person reports.

So, human resources professionals should consider giving people an exercise to do as part of the screening or interview process. It could set up a scenario where the applicant acts as a member of a cyber security team who discovered a previously unknown vulnerability and has to write at least 300 words about how they would explain that issue to upper management.

4. The tech industry has higher-than-average turnover rates

When recruiters decide whether someone is a good fit for a position, they have to look to the future and gauge whether that individual is likely to stick around for the long-term or might be leaving the company after only a couple of months.

Research shows that poor onboarding processes negatively affect retention and whether employees recommend those companies to their friends. Human resource professionals, then, need to recognise that onboarding is as crucial as the screenings, interviews, background checks and other things that happen before people get hired.

However, there’s a particular problem with high turnover in the tech industry, and HR professionals must be aware of it for several reasons. Firstly, they should not quickly lose interest in a candidate solely because that person only stayed at a previous position for nearly a year. Instead, it’s wise for them to dive deeper and find out what made the person feel dissatisfied.

Perhaps the individual felt that the company’s leaders consistently ignored warnings about cyber security shortcomings, making it so cyber security teams’ knowledge and recommendations were never acted upon promptly or at all. Plus, fatigue could be to blame. A study about the struggles cyber security professionals experience found that 62% of respondents felt their organisations were not supplying them with adequate training to maintain competitiveness.

Then, even more — 63% — admitted the cyber security shortage increased their workloads. The associated stress could also put those professionals under mental strain. That’s because 68% reported that their roles could have adverse effects on efforts to maintain a work-life balance. Not surprisingly, then, 38% of those polled mentioned the skills shortage as causing high levels of burnout and attrition.

The science of securing cyber skills

The cyber security skills gap is nothing new. So, what can be done to bridge it? Science may have the answer

Human resources pros must show both creativity and understanding

There is no clear-cut and guaranteed-effective solution for solving the cyber security  — and wider tech skills — shortage. However, human resources experts may get results by thinking outside of their usual practices. For example, instead of immediately looking to external sources to fill non-urgent positions, is it better to offer an internal program that allows existing staff to grow their skills?

For the short term, people may hire tech professionals for contract roles or consider hiring freelancers who work off-site most of the time but are available for virtual consultations through Skype several times per week.

It’s essential that HR professionals also look for ways to minimize the most stressful effects of the tech shortage. During recruitment, they may bring up how their companies offer free gym memberships and on-site yoga classes for people who want to rid themselves of the tensions that can accompany high-pressure roles. Also, they should regularly check in with workers to measure their satisfaction and intervene if needed.

Grievances that get dealt with quickly are less likely to make overall staff morale plummet. Plus, if people love where they work, they’ll be more likely to recommend the company to their friends as a potential employment option.

A recruitment program could give employees even more encouragement to reach out to people they know — and streamline the hiring process of new talent.

The cyber security skills gap in the UK: a multifaceted problem

What are the reasons companies are struggling to tackle the skills gap, and how can they look to solve the problem?

Written by Kayla Matthews, tech journalist & writer.

Kayla Matthews

Kayla Matthews, is a tech journalist and writer.