Bridging the Cybersecurity Talent Gap: Rethinking Resourcing & Retention


The cybersecurity talent gap is widening as the digital world rapidly evolves and cybersecurity remits extend far beyond the job specifications. This demands a fresh approach to recruitment and retention.

CyXcel’s Managing Consultant Francis Annandale explains how, by broadening candidate pools, fostering diversity and prioritizing continuous learning, organizations can build effective and sustainable cybersecurity teams.

Recognising employee value and supporting career growth are key to retaining top talent. Collaboration across industry, government and education is essential for building a pipeline of cybersecurity professionals that will play a pivotal role in securing our shared digital future. 

The shortage of skilled cybersecurity professionals has become a global issue in the last decade, representing one of the most significant challenges for organizations attempting to keep pace with technological change.

It is estimated that there is a global shortage of 3.4 million cybersecurity professionals (Newxel 2024) and the increase in the frequency and sophistication of cyber threats has left organizations, governments and businesses rushing to protect their digital infrastructure.

It is critical that a solution is found to close this gap and organizations are armed with the skilled talent required to safeguard the increasingly connected world. 

 

The Scope of the Talent Gap 

The foundation of the problem is that traditional pathways such as computer science degrees and industry certifications are not garnering enough interest to produce the volume of skilled candidates required to fill the open positions.  

Given the speed of technological change, theoretical learning can quickly become out-of-date, requiring aspiring professionals to constantly upskill to be able to match role requirements. This can deter potential candidates looking to demonstrate the value they can bring to an organization. 

The real-world result is that cybersecurity roles often entail workloads far beyond contracted hours and responsibility that extends significantly beyond traditional IT management, inevitably leading to burnout.

A 2024 study from BlackFog found that nearly a quarter of CISOs and IT security decision-makers are actively considering leaving their roles, with 93% naming stress as the key driver.  

Organizations, governments and businesses must work together to address this problem, and we believe there are a few strategies that could contribute towards doing just that. 

 

Rethinking Recruitment Strategies 

Organizations must explore non-traditional paths for recruitment to plug the talent gap: 

Widen Candidate Search 

Cybersecurity for us at CyXcel is a multi-disciplinary endeavour: it requires expertise in technology, law, geopolitics and technical aspects of security to be effective. The talent pool needs to include a breadth of knowledge around these domains. This would enlarge the potential candidate pool, spread out upskilling requirements and ensure better resilience.

Many organizations struggle with the translation of cybersecurity risks and concepts as well as leadership challenges surrounding messaging to the wider business.

One potential solution is to change the search criteria to include skills such as communication, critical thinking and problem-solving earlier in the recruitment process, with a view to investing in technical training once the position has been filled.

Following this path may offer a wider array of candidates, especially those that may not have been considered previously, and allow organizations to develop well-rounded professionals who bridge the gap between technical teams and organizational leadership. 

Increase Diversity 

There is a diversity issue in cybersecurity: the workforce remains male-dominated, with women comprising only 24% of the global workforce in 2022, according to Cybersecurity Ventures.

There is a clear lack of diversity which will naturally limit the ‘perspectives in the room’ and hinder innovation.  A concerted effort to recruit women and individuals from underrepresented groups would expand the talent pool and provide different opinions and ideas within teams. 

Gamify Recruitment 

Cybersecurity is a field that, while technically made up of ones and zeros, is less binary than it appears.

Traditional exam-based recruitment methods and testing do not represent the reality of the day-to-day requirements and are somewhat monotonous. Organizations should be looking to gamification to attract talent.  

Leveraging top competitions, hackathons and gamified skills assessments can identify individuals with the aptitude for cybersecurity and provide a more reliable indication of how they would respond to real-life scenarios, as well as being engaging to those taking the tests.

Considering the volume of cybersecurity roles that are available in the market, employers need to demonstrate their value to employees, and gamification of the recruitment process could be a significant selling point. 

 

Building a Stronger Talent Pipeline 

The cybersecurity skills gap cannot be solved overnight, but there are ways for organisations to nurture future talent. 

The Role of Governments & Industry 

Collaboration with universities and colleges can help ensure that education curricula are better aligned with the needs of business. Firms can underwrite cybersecurity programs, offer internships or co-op models providing hands-on work experience for students. In addition, these initiatives can bridge the gap between academic theory and practical application. 

The UK’s CyberFirst program is a notable initiative that provides bursaries and training opportunities for students pursuing cybersecurity careers.

This is an effective way to facilitate the building of the pipeline, but this one initiative alone cannot tackle the scale of the skill shortage. Many more initiatives are needed to meet the requirements of the digital economy.

Improve Education Pathways 

Awareness about cybersecurity as a profession needs to be cultivated early.

Coding camps, school clubs and competitions such as CyberPatriot can nurture interest among school-age children, while also helping them to be safe online. Moreover, basic cybersecurity education can be integrated into the curriculum for foundational skills that might encourage students into becoming cybersecurity professionals in the future. 

 

Retaining Cybersecurity Talent 

Companies work hard to attract talent; they should invest equally in retaining it.

Recognise Employee Value 

Beyond compensation, organizations need to recognise the value their employees bring to cybersecurity and safeguarding the organization. Publicly celebrating achievements, offering rewards for innovative solutions, and fostering a culture of appreciation significantly boost morale and loyalty.

Employees who feel valued are more likely to remain committed to their roles. 

Create Development Paths 

Clearly defined career development pathways and opportunities for specialisation are a necessity for talent retention. Employees should be given the opportunity to develop cloud security, forensics, threat hunting, or any other specialism within cybersecurity that they are passionate about and that can contribute positively to the organization.

Professional development plans that are regularly updated make employees feel valued and invested in, which is critical to retention. 

Providing access to training platforms, funding certifications, and encouraging attendance at industry conferences would also help with this, while ensuring that cyber teams keep pace with fast-evolving changes. Continuous learning not only enhances capabilities, but also keeps employees engaged in the long term.

Organizations can counteract the talent shortage through the creation of development paths designed to reskill employees in related roles, such as IT or networking, to work in cybersecurity.

Investing in internal training programs not only fills critical positions, but also improves employee loyalty and engagement.

Upskill Non-Cyber Employees 

The adoption of artificial intelligence (AI) tools in everyday life needs to be carefully managed by organizations that rely on their employees to do their part in securing the networks and data.

It is not enough to expect employees to keep up with the latest news; there must be a concerted effort to provide education and reduce risk through translating technical risk into a business or personal risk, in order to achieve the consistent secure behaviours required of employees. 

Continuously updating and innovating training programs to include AI and AI-related cyber risks is a requirement for all organizations. Whether that is to highlight the rise of AI in phishing attempts or to demonstrate the potential data breach risk of using AI for business-related tasks, every function within an organization must understand the ramifications of the rise of AI and how it will affect them.

 


The cybersecurity talent gap is a major challenge, but it is also an opportunity to rethink how organizations attract, develop and retain talent. Embracing diversity, driving innovation in recruitment, and upskilling education are all ways organizations can build resilient workforces that will enable them to thrive in the digital age. Ultimately, addressing this shortage is not just about filling a role; it is about safeguarding the future of our connected world.