President, IBM Canada
A recent surge in major cyberbreaches around the globe reveals cybersecurity threats are growing in both volume and sophistication, leaving potential victims scrambling to find ways to properly protect themselves and their data.
While arming your company with the best security software is a good start, it's not enough. Cybercriminals are becoming increasingly savvy and businesses are falling short on adequately staffing their security teams to defend themselves against these hackers.
Demand for skilled security professionals is one of the biggest challenges facing the industry today, and it's only expected to grow; experts predict a shortage of 1.5 million open and unfilled security positions by 2020. This gap is further exasperated by a lack of the right skills needed to meet the modern security landscape. In the face of increasing threats, this is a shortage the industry simply cannot afford.
One of the biggest hurdles behind the skills shortage is one that companies are creating for themselves – relying on outdated recruitment models and job descriptions to rapidly fill evolving security roles. At IBM, we advocate for a new-collar approach to hiring cybersecurity professionals, focusing on skills, experience and aptitude versus degrees alone. This approach has helped fill seats on the other end of the wire with qualified candidates, and we encourage the industry to evolve their talent acquisition strategy to do the same.
Here are some tips for doing just that:
Redefine hiring models
Work with internal teams and hiring managers to document the attributes and skills that are essential for your organization today and in the future. When doing so, consider positions that could be filled with non-traditional candidates or define new ones. For example, a Security Operations Centre (SOC) Analyst: he or she reports on security incidents, assists with the response and co-ordinates threat intelligence sharing across the SOC. This individual needs to be a multi-tasker with strong communication skills – capabilities acquired through experience, not just a four-year university degree.
Expand where you recruit
Encourage the recruitment team to expand their talent search into community colleges, private technical schools, and other educational programs, as a growing number of these institutions are offering cybersecurity programs yet remain untapped by employers. Build awareness of cybersecurity as a profession and your organization as an employer of such occupations by offering learning sessions and demonstrations.
Create new partnerships
Reach out to government organizations, educational institutions and academic programs in your region. By partnering with business leaders, many Canadian universities are making great strides in driving innovation that equips new graduates with the skills required to thrive in Canada's evolving workforce. An example of this is IBM's partnership with the University of New Brunswick, which has resulted in a security intelligence platform that was the catalyst for the creation of a global security division in Fredericton that supports more than 5,000 customers worldwide. A highly skilled professional local workforce has been critical to New Brunswick's growing reputation as a global cybersecurity hub. Increased investment and collaboration between academia and business, along with other ecosystem partners in both the public and private sectors, will grow opportunities for a new collar workforce.
Develop robust support programs for new hires
Considering the shortage of skilled cybersecurity professionals, it's important to retain new hires by supporting and engaging them as soon as they join the team. Beyond a comprehensive on-boarding program, employers should offer mentorships, rotational assignments and opportunities to shadow more experienced colleagues. Additionally, allow employees to work on a variety of projects and to explore new technologies – not only will this help the employee with professional development, but it makes him or her feel valued and provides the team with a fresh perspective.
Help employees build and refine skills
Cybersecurity is a highly dynamic field, which requires a constant refreshing of skills. Provide employees with opportunities to stay current by encouraging them to enroll in classes and conferences and pursue certifications. Also, do what you can to support existing employees from other functions who are interested in moving into cybersecurity as a new career; they too should have the opportunity to build and refine their skills in the space.
Executives, educators and human resources experts contribute to the ongoing Leadership Lab series.