For years now, it has become increasingly evident that the UK is suffering a serious cyber skills gap. Indeed, a recent study by the UK’s Department for Digital Culture, Media & Sport found that in 2021, 50% of private sector businesses had identified a basic technical cyber security skills gap within their organisation.
The problem is just as prevalent in the cyber sector itself, with 47% of cyber security firms confirming they will encounter technical cyber security skills gaps in the past 12 months, either among existing staff (18%) or among job applicants (40%). With expertise in such short supply, organisations clearly need to take steps to train and retain cyber security talent.
With this objective in mind, there are some key actions that organisations can take that will improve their ability to find the right fit for their security teams – and boost their cyber talent retention rates.
1. Initiate an internal talent marketplace
Looking within and opening up internal mobility opportunities is a win-win in a multitude of ways.
Retraining employees rather than hiring new ones not only enables people already working within the organisation to reinvent themselves in unique and highly productive ways, but also helps organisations to reduce reliance on expensive external recruiters and utilise existing potential candidates with the right mindset and cultural fit.
To bolster the cyber security workforce, organisations will need to broaden the range of potential candidates they consider and focus in particular on those from non-technical backgrounds. In other words, assessing existing employees who have the potential and soft skills required to work in smart and collaborative ways to solve problems.
How to boost internal cyber security training
2. Upskilling and redeploying skills
Organisations that don’t invest in cyber skills training and development programmes for technical personnel and the wider workforce risk throttling their future internal talent marketplace.
Today’s increasingly digital workplace means cyber security is everyone’s business. By extending cyber awareness and training to all employees, organisations will be able to mobilise those individuals that demonstrate aptitude and interest to build up their skills set and acquire industry-recognised certifications that will help the organisation expand and strengthen its cyber security teams.
Alongside initiating a mentorship programme to support people make a ‘job shift’ into cyber security roles, organisations should look to facilitate defined cyber security career pathways. These should extend from entry level IT jobs that will pave the way for a future cyber security career, to cross training opportunities that will enable existing cyber professionals to keep up with new trends, advance their skillset and explore new specialisations.
3. Make use of talent referrals
Organisations that work the network of contacts they’ve built up through participating in security conferences and threat intelligence forums will be able to fast track their search for people with the exact skills or experience needed for an advertised role.
Many IT leaders are already active members of knowledge networks and communities, that present a rich seam of opportunity when it comes to virtually meeting and evaluating potential candidates who are an exact match for their business, in a highly targeted way.
Retraining in IT: how to get a start as a cloud developer
4. Incentivise and motivate
Employee retention is a critical issue as organisations compete for cyber talent and ensuring salary levels are set to attract and keep the best isn’t the only solution in town. Organisations also need to make sure they’ve addressed the top issues that lead cyber security professionals to quit their jobs, such as a lack of skills development or zero job growth opportunities.
Understanding people’s motivations from the get-go during the interview process will also be a key indicator of how long someone intends to stick around and what would motivate them to stay for the long term.
Using these insights organisations can determine how best to boost retention rates. This may include offering flexible work arrangements or giving high performing cyber experts greater autonomy to try out new tools and approaches, adopting a no blame stance if these don’t deliver as expected. Similarly, recognising successes will help ensure that cyber security employees stay motivated and their value to the organisation is visible and taken seriously.
5. Create the right work environment
Addressing the specific needs of individual groups within the cyber security team is critical. For example, creative thinkers and problem solvers will need time and space to do what they do, while analysts and responders will need the right facilities and dedicated tools.
Cultivating a team ethos that is inclusive, supportive and nurturing is also vital. Many organisations are striving to introduce greater diversity into the cyber security recruitment strategy and take advantage of a massive pool of untapped talent. However, a recent report by the NCSC found there is still much to be done when it came to improving the real-world experiences of cyber security professionals in the workplace.
Encouraging more women within cyber security
Final thoughts
Hiring and keeping the right talent is no mean feat and that is especially true for the cyber security industry. By widening the search for cyber security personnel and applying some holistic thinking to how they create happy and stable teams that stay engaged, organisations will not only be able to find and keep employees motivated – they’ll also improve their overall capabilities.
