How to reverse the cybersecurity staffing shortage: 5 tips

Much has been made of the cybersecurity talent shortage in recent years, as vendors, conferences, and published reports describe it as a major challenge to fighting hackers and fulfilling the CISO's agenda. However, the shortage is actually self-inflicted, and can be remedied once problems of bias, expectation, compensation, and commitment are addressed, according to Forrester Research's recent Reverse Cybersecurity's Self-Inflicted Staffing Shortage report.

The cybersecurity shortage is due in part to the following issues, according to the report:

How to hire a cybersecurity professional

CISOs and hiring managers must cast a wider net to find, develop, and retain cybersecurity workers, according to the report. Here are five tips Forrester analysts offered to change your recruiting and hiring practices:

1. Redefine what signals a good security candidate

When seeking early career candidates for roles that require less experience, job postings should focus on behaviors and characteristics, rather than certifications or experience with certain technologies. Ultimately, you would spend less time training this person than you would seeking a unicorn candidate with every skill you want.

2. Develop unique compensation structures for security pros

Because security talent is in demand, organizations need to compensate based on the market, as well as offer perks like vacation time, learning opportunities, and flexible work arrangements if possible. Underpaying security professionals will cost you in terms of hiring and turnover.

3. Reduce the number of required skills on requisitions

CISOs and hiring managers need to determine the three to five skills a candidate actually needs, and commit to finding candidates with the desire and aptitude to learn others on the job.

4. Broaden the backgrounds considered when recruiting veterans

Many companies pursue cyberoperators from specialized military units; however, this is a pricy and competitive way to find talent, and fails to consider the potential pool of military veterans who may be able to do the job.

5. Establish or take advantage of apprenticeship programs

Apprenticeship programs can be used to identify and develop cybersecurity talent, and organizations should consider starting such programs on their own or via partnerships with post-secondary institutions, career training organizations, or others.

For more, check out How to become a cybersecurity pro: A cheat sheet on TechRepublic.
