Expanding cybersecurity capabilities through innovative approaches sought by experts
In the ever-evolving landscape of cybersecurity, enterprises are grappling with a significant challenge: a global workforce gap. According to the latest ISACA's State of Cybersecurity 2023 report, the industry needs 4 million cybersecurity professionals worldwide. To tackle this issue, companies are adopting a variety of strategies to expand their talent pool and build a resilient security workforce.
Brennan Baybeck, SVP and CISO for customer success services at Oracle and ISACA vice-chair, emphasizes the need for creativity in finding, recruiting, and hiring candidates. Organizations are recognizing different ways for candidates to prove their knowledge and skills, including hiring less experienced people who can continue building their skills while becoming familiar with corporate culture and objectives.
One approach enterprises are taking is prioritizing skills over formal credentials to tap into a wider candidate pool, including career switchers and those with non-traditional backgrounds. This strategy could help broaden the field of candidates and potentially improve diversity.
Partnerships between business and government agencies that train people in cybersecurity are emerging. For instance, Oracle is supporting government initiatives in Singapore and provides a range of free training and certification programs. Hyperscalers are also offering free training and certifications.
Another strategy is integrating cybersecurity training as a core business practice, embedded within corporate governance structures, to continuously develop existing personnel and foster organizational resilience. Companies are also launching entry-level and alternative education programs to resolve the pipeline bottleneck caused by many organizations lacking entry-level cybersecurity professionals.
Enterprises are also leveraging managed service providers (MSPs) for immediate talent augmentation. By partnering with MSPs who provide certified cybersecurity talent on demand, companies can enable faster deployment of expertise and knowledge transfer while their internal teams are upskilled.
In an AI-driven world, there will be an increase in demand for skills that touch on the safe and ethical use of AI within organizations and risk more broadly. This shift in the cybersecurity industry is moving from an offensive approach to more of a defensive position around risk management.
Clar Rosso, CEO of ISC2, does not see AI displacing the workforce but rather changing the types of jobs people do, which will put more emphasis on non-technical competencies. The non-technical skills organizations are prioritizing include problem-solving, curiosity and eagerness to learn, effective communications, critical thinking, and analytical thinking.
Security experts agree the industry may need more novel measures to help fill the cybersecurity workforce gaps. Baybeck believes that the collaborative approach can target where the skills gaps are most pronounced, particularly in cloud computing, security controls, coding skills, and DevOps.
Reports from CompTIA and ISACA highlight that the acute skills shortage—millions of vacancies worldwide—requires a blended approach combining hiring flexibility, partnerships with expert providers, and robust internal training to build a sustainable cybersecurity workforce. This enables organizations to quickly close capability gaps amid rising cyberthreats and regulatory demands.
In summary, enterprises are combating the cybersecurity talent gap by expanding hiring criteria beyond traditional degrees, leveraging MSPs for immediate talent augmentation, and emphasizing ongoing alternative training and upskilling to build a resilient security workforce as documented in recent industry analyses. The focus on non-technical skills could help broaden the field of candidates and potentially improve diversity, ensuring a safer digital future for all.
- As the cybersecurity landscape evolves, the risk of data breaches increases, calling for a more robust approach to risk management, which emphasizes creative strategies for finding and hiring candidates with skills in various areas, such as cloud computing, security controls, coding, and DevOps.
- To alleviate the global workforce gap in the cybersecurity industry, enterprises are adopting blended strategies that not only hire candidates with diverse backgrounds but also collaborate with government agencies and tech giants like Oracle for training programs and upskilling initiatives.
- As AI continues to dominate the technology sphere, the demand for non-technical competencies, including problem-solving, communication, and critical thinking, will become increasingly important in the cybersecurity profession, ensuring a balance between defensive strategies and safe, ethical AI practices for a safer digital future.
