With the rapid advancement of technology and the continuously changing cyber threat landscape, there simply aren’t enough cybersecurity professionals to match. A quick online search for cybersecurity jobs will reveal countless available positions that need to be filled.
Simply put, organizations need more practitioners in cybersecurity.
The question is – how do businesses go about finding their own cybersecurity sleuths? And, if there is a shortage of workers out there, shouldn’t they look to retrain existing staff that at least have a curiosity for, and an interest, in this field? Finally, how can businesses support them in their career?
Reassuringly, a report by Frost & Sullivan shows that 87% of practitioners “did not start their careers in cybersecurity, but rather in another career”. In fact, they often come from diverse technical and non-technical backgrounds such as marketing, finance, accounting, military, and law enforcement.
So, as long as the hunger is there, it can be done, and many have done it – including myself.
Here a few simple ways businesses can support potential cybersecurity practitioners.
1. Encourage learning
There are several paths to cybersecurity that one can follow, so businesses should encourage budding experts to research the different paths and learn what the required skill sets are. This will enable them to decide which ones are of interest and, of course, which meet the needs of the business.
Do you need a cybersecurity analyst who is able to review data and identify unusual behavior, for example, or would you like someone who can analyze digital evidence in response to an attack?
So what about training? If your security prospects don’t have a degree, or have a degree in another area, suggest they take information security courses that provide them with the fundamentals of information technology. These days, most community colleges and universities offer such courses.
What’s more, there are many free and affordable computer and cybersecurity courses online. to name a few, there are a range of courses from CompTIA - the voice of Information Technology, Cybrary, Coursera, Udemy, Department of Homeland Security – NICCS, and the Federal Virtual Training Environment. Many vendors also have free online webinars or their own YouTube channel with free training videos.
It’s important to ensure anyone keen to progress to a cybersecurity role is encouraged to take advantage of these types of courses, as well as any hands-on labs, capture the flag events and cyber challenges. These will help them narrow down the path where they are most passionate.
2. Encourage networking
Networking is very important, as it helps cybersecurity practitioners meet likeminded individuals who are equally passionate about the field. Encourage potential candidates to meet others working in this space – both inside and outside of your organization – so they can ask them about their personal journey. They will find that most are more than willing to provide guidance.
Associations that focus on the specialized skills of interest to them are a great way to find and connect with members. So support them in attending conferences where they can learn as much as possible and network. There also usually local cybersecurity meet-up groups. Members of these meet-ups operate in many different fields of cybersecurity and are usually happy to share their knowledge.
Finally, consider asking someone from your existing cybersecurity team to be shadowed for a day. I have asked to shadow at an organization in the past, and it has been asked of me.
3. Up-skill the soft skills
In addition to the necessary technical skills, soft skills are also a must for anyone looking to work in cybersecurity. Response to attacks and incidents are rarely handled by individuals. Rather, it takes a team to handle cyber attacks so budding practitioners must have the soft skills in order to contribute.
Regardless of the current role they are in, encourage them to be inquisitive and listen, communicate well, focus on strong team collaboration, develop problem solving techniques, and polish their writing skills. This will enable them to become more attentive to details and able to effectively communicate their findings to the team (technical), management and executives (non-technical). After all, your business will need an organized approach, as a team, to help protect an impacted cyber environment.
The bottom line is that you should create a space in your organization for potential cybersecurity professionals to develop their skills and eventually work their way into the job that really interests them – and meets your business needs. Adopt this approach and your organization will create the next generation of cybersecurity sleuths. And chances are they will want to guide or mentor someone else on their journey too. Surely this can only be a good thing in the fight against cyber threats?