Skip to main content
Open this photo in gallery:


A report released last year had some sobering news for Canadian companies worried about their vulnerability to growing cybersecurity threats. According to Deloitte’s The Changing Faces of Cybersecurity, Canadian employers are expected to try and fill 8,000 additional cybersecurity roles by 2021, with demand for professionals in the field growing by seven per cent annually. At the same time, an international workforce survey by cybersecurity non-profit (ISC)² found 2.93 million cybersecurity roles unfilled worldwide. In other words, it’s a competitive environment out there for companies hoping to beef up their cyber defenses. Fortunately, there are plenty of ways to position an organization favourably in the hunt for top candidates—and leverage existing assets and staff.

“Employers today need to look beyond academia and traditional staffing agencies to build cybersecurity teams,” says John Hewie, National Security Officer for Microsoft Canada. He encourages employers to find new pipelines for talent, whether that means direct recruiting out of schools, or identifying experienced professionals who have some IT expertise but are also strong problem solvers, can create clarity from complexity and are eager to learn. They may need some additional training, but the diversity of thinking they bring to cybersecurity problems will pay off in the long run.

“There are many opportunities in generational recruiting,” Hewie says. “Gen Xers and boomers in IT can bring their technical savvy to cybersecurity… their experience, insights and leadership are especially valuable in breach response and remediation roles.”

As well, he says, “networking and industry events are the usual good ways to reach potential candidates. There are also many grassroots, community-driven security events that are accessible to anyone happening across Canada. Many millennials who are keen to make a difference in the cybersecurity industry typically attend these.”

He also encourages companies not to overlook their existing high-value employees, identifying and training experienced workers already invested in the company.

No HR professional can discount the importance of diversity in any hiring process, and cybersecurity is no different. Many employers may focus on candidates from computer science or law-enforcement backgrounds, but these are the same candidates that every other company is targeting too. Looking for adaptable, trainable candidates from diverse backgrounds will expand a company’s options considerably.

Take neuro-diverse candidates, such as those with dyslexia, or on the autism spectrum. There’s often a tendency to overlook such candidates, especially those who struggle in job interviews and social situations. But many are high achievers in technical fields with an ability to focus with special intensity on complex problems.

And, of course, don’t forget technological solutions.

“Very few small companies have an internal cybersecurity expert or a security operations centre to monitor threats 24/7,” Hewie says. Partnering with Microsoft allows your small or medium business to benefit from the same world class security capabilities used by the largest companies and governments in the world.

For example, Microsoft Secure Score provides prioritized recommendations to improve the security of your users, devices and cloud environment and makes it easy to implement with a score to measure progress.

As well, Microsoft Threat Experts is a new service within Microsoft Defender Advanced Threat Protection. It extends the capacity of an in-house security team with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don’t get missed.

Demand for cyber-savvy security personnel will only get more intense in the years to come. But by employing integrated technological solutions, establishing pipelines directly into educational institutions and remaining open to candidates from diverse backgrounds, companies can do a lot to put themselves ahead of the competition. Most important, says Hewie, employers must remember that the hard work of cybersecurity involves an entire company, not just a narrow range of expertise.

“Recruiters need to rebrand the work,” he says. “Many cybersecurity related jobs today are less about being deeply technical, and more about managing risk with a passion for improving people’s work and personal lives.”

Advertising feature produced by Globe Content Studio. The Globe’s editorial department was not involved.

Follow related authors and topics

Authors and topics you follow will be added to your personal news feed in Following.

Interact with The Globe