Overcoming acute skills shortages in the cybersecurity sector

Image of padlock against circuit board/cybersecurity background
(Image credit: Future)

While the technology skills gap has been a recurring challenge for many years, recent reports suggest that the cybersecurity sector is facing a real crisis. Harvey Nash Group suggests that there has been a shortfall of 10,000 people a year in the UK’s cybersecurity talent pool.

About the author

Bridgett Paradise, chief people and culture officer, Tenable.

Technology adoption has surged with every aspect of our lives now reliant on digital capabilities, which has expanded organizations' attack surface. The cybersecurity skills gap, currently estimated to be 2.72 million globally, poses a threat when it comes to securing the infrastructure that underpins our lives.

However, addressing this shortage is a much larger challenge than any single company can resolve. It will require major investments from, and collaboration between, public and private sectors to retrain and retool candidates and a concerted effort on all fronts to attract people into our field.

We need to encourage an interest in science, technology, engineering and mathematics (STEM) fields at a younger age, and that includes ways to address under-representation of diverse backgrounds in these subjects. Diversity of thought, background and experience is critical to the problem solving needed in cybersecurity. 

We need to foster that dynamic and show the next generation of the cyber workforce there are people like them in the industry. It sends a message that “you can do it too.” On that note, people think cybersecurity is really difficult and they probably can't do it, but that’s simply not true. It doesn't take a huge amount of training to get started in cyber.

What are some of the main issues that arise when recruiting for new employees? Is the talent pool too narrow?

In the last 12 months cybersecurity market revenue has grown to more than £10 billion (US$13.2 billion/€11.99 billion) for the first time, with the sector adding over 6,000 jobs. The result is a lot of organizations competing for skilled individuals. For organizations, this presents two challenges: how to make sure they attract skilled individuals and how to retain the workforce they have.

Trust, professional development and the ability to innovate are baseline requirements in today's market for job seekers in cyberspace. Creating an environment where staff are empowered, supported in their career growth and treated with fairness and respect is a must when talking about employee retention.

How can cybersecurity companies support young people in acquiring the needed skills to build a career in this industry?

There are a number of initiatives cybersecurity companies can implement to nurture young talent. When it comes to their own workforce, companies should create internal support networks (mentoring programs, for example) and training and certification opportunities to grow the skill sets of new hires, along with the existing staff, so everyone has career progression opportunities and longevity.

Beyond that, we need to look for ways to nurture individuals to consider a career in cybersecurity. For example, during the pandemic, many schools delivered classes remotely which forced students to embrace collaborative technology — including online learning platforms, video conferencing tools, and more — which were previously the tools of remote employees. 

We should look to build on this exposure. I’d encourage companies to look for opportunities to work with education partners to support the introduction of basic cybersecurity lessons into their curriculum — such as how to spot a strong password, how to use password management tools, and the importance of keeping their own personal devices (phones, iPads and laptops) secure with the latest software updates. This foundation will carry through to the workplace.

Another initiative builds on the current school coding courses that have been designed in a fun, interactive manner for students, which include cybersecurity-related modules to spark students’ imaginations — using quizzes, polls etc — to nurture an interest in cyber awareness early in the classroom.

What are some of the ways in which companies can tackle employee shortages, and attract new and diverse talent?

We need to collectively appreciate that there is no perfect candidate, in terms of experience or expertise - it is the individual that matters most. When it comes to cybersecurity, what is really important is aptitude and a desire to push boundaries and challenge beliefs. For companies, and cybersecurity specifically, if everyone on the team thinks the same way, you’ve already lost the race with attackers. Cybersecurity is not just about how a system works, but seeing how it could or even should work. It requires a degree of creativity. Technical skills and aptitude can be taught, but that ingenuity combined with curiosity - the ‘what happens if I do that?’ mindset - is what makes a great cybersecurity professional.

Having found the right individuals, it’s then about supporting and nurturing their expertise. Hiring managers should also be mindful of how they write job descriptions, and make sure that they are matching the specific job requirements of each position with the skills they are looking for in a candidate. For instance, an entry-level cybersecurity position typically should not require that the candidate hold professional certifications that take multiple years of experience in the field to attain. By being more open-minded about the non-technical skills and abilities that a candidate could bring to the table, and by widening the addressable talent pool to include candidates who are often overlooked, organizations can get a leg up on recruitment.

How does Tenable encourage diversity among employees and look after women in the workplace?

The culture at Tenable is one where every employee feels seen, valued, welcome and has a sense of belonging. Like many, it has adopted a hybrid working policy giving each and every employee the freedom to do their best work, unhindered by the confines of a physical office or desk.

Diversity empowers everyone to achieve greater creativity and innovation, allowing outside the box thinking, and driving innovation that allows teams to grow closer to customers, partners, and communities. We actively seek to cultivate our diverse and inclusive workforce, building an environment that helps everyone achieve exceptional business results. To do this, we offer a number of employee resource groups internally, including Women@Tenable, Black@Tenable, Veterans@Tenable, Pride@Tenable and AZN@Tenable, and continue to add more as further communities are identified. These groups offer a space for employees with a shared connection to come together and learn from each other. They also provide opportunities for employees to learn about the uniqueness of other cultures and things they might share in common.

It’s also not just about work, but about the way we live our lives outside of work. Around the tenable community, we have a number of peer-inspired initiatives, including a Peloton Slack channel, running and walking groups, and other opportunities for like-minded individuals to get together and network.

We strive to be a career destination where employees from all backgrounds are welcome and empowered, treated with fairness and respect, presented with opportunities to make a difference, and provided opportunities to grow.

Tenable has been recognized as a premiere workplace in 2021. How should the ideal workplace in cybersecurity look like?

Like many, Tenable has adopted a hybrid working policy giving each and every employee the freedom to do their best work, unhindered by the confines of a physical office or desk. We trust our people to perform wherever they choose to work and we’re all accountable. The last eighteen months have proven that we don’t have to be in the office to attend meetings, submit reports, or contact our customers. The work our employees do matters. Where they do it matters less.

Tenable wants its people to feel confident in their ability and perform at the top of their game so we invest in our employees through professional development activity funding and tuition bursaries. We know this will make our employees attractive to our competition, but we strive to make everyone feel recognized, empowered to be their best, and competitively remunerated so hopefully they don’t want to leave.

We've listed the best recruitment platforms.

Bridgett Paradise, chief people and culture officer, Tenable.