Expertise in Cybersecurity Gaps is Sought Through Innovative Methods
In the ever-evolving landscape of cybersecurity, a chronic workforce gap has become a significant challenge for the industry. However, a new approach to hiring and training is emerging, one that focuses on the competencies required for a task rather than specific experience. This shift in strategy could help address the workforce gap and improve diversity.
Oracle, a leading technology company, is supporting government initiatives in Singapore and providing a range of free training and certification programs. This move is part of a broader industry trend that acknowledges the need for novel measures to fill the shortfall.
One key strategy is to broaden talent pools beyond traditional backgrounds. Cybersecurity roles increasingly value soft skills such as ethical reasoning, systems thinking, analytical problem-solving, and adaptive thinking, which exist in disciplines like law, psychology, public policy, and the arts. Including candidates from these non-traditional backgrounds enriches team diversity and resilience.
Practical, hands-on training programs are another essential component of this new approach. Certifications like the Certified Ethical Hacker (CEH) use a dual-assessment model combining theoretical exams and real-world practical labs simulating cyberattack scenarios. This train-test approach builds job readiness, letting employers hire with confidence even when candidates are new to cybersecurity professionally.
Continuous learning and skill development are also crucial in this fast-evolving field. Ongoing upskilling through hacking competitions, Capture-The-Flag challenges, and simulated red team exercises is essential to keeping skills current and enabling non-traditional entrants to adapt and grow in the field.
Structured, scalable workforce models based on learn-certify-engage-compete cycles allow organizations to train large cohorts systematically and efficiently, making it possible to upskill non-traditional candidates at scale to fill critical roles rapidly.
Focusing on future-proof, tools-agnostic skills helps ensure that hires can handle evolving technologies and threats over their careers. Emphasizing underlying concepts and adaptable capabilities rather than narrowly focused technical skills is key to this approach.
Government and industry initiatives are also playing a role in addressing the workforce gap. Strategies such as the U.S. National Cyber Workforce and Education Strategy and EU's Cybersecurity Skills Academy attempt to create clear pathways and support training for diverse candidates, including non-traditional ones.
Brennan Baybeck, SVP and CISO for customer success services at Oracle, stated that partnerships between business and government agencies training people in cybersecurity are emerging. Hyperscalers are offering free training and certifications to help fill the gap. Baybeck believes that a collaborative approach can target areas with the most pronounced skills gaps, such as cloud computing, security controls, coding skills, and DevOps.
Rosso, ISC2 CEO, doesn't foresee AI displacing the workforce but rather changing the types of jobs people do. This shift emphasizes the importance of non-technical competencies like analytical and critical thinking. Rosso expects an increase in demand for skills related to the safe and ethical use of AI within organizations and risk management more broadly.
The non-technical skills organizations are prioritizing include problem solving, curiosity and eagerness to learn, effective communications, critical thinking, and analytical thinking, as stated by Rosso. According to ISACA's State of Cybersecurity 2023 report, 4 million cybersecurity professionals are needed worldwide.
Collaboration between industry, government, and workplaces is essential to address the cybersecurity workforce gap. Organizations are recognizing different ways for candidates to prove their knowledge and skills, including hiring less experienced people and training existing non-security staff. More organizations are considering hiring people with subject matter expertise, certifications, or other credentials, even in place of college degrees.
In conclusion, the new approach to hiring and training in the cybersecurity industry focuses on competencies, soft skills, and practical, hands-on training. This shift acknowledges the "Experience Paradox" and offers a more inclusive and effective way to address the workforce gap. As the industry continues to evolve, it's clear that this approach will play a crucial role in ensuring a skilled and diverse workforce ready to face the challenges of the future.
- Cybersecurity roles need to value soft skills, such as ethical reasoning, systems thinking, analytical problem-solving, and adaptive thinking, which can be found in disciplines like law, psychology, public policy, and the arts, to broaden talent pools beyond traditional backgrounds.
- Hands-on training programs, like the Certified Ethical Hacker (CEH), are essential, using a train-test approach that builds job readiness, allowing employers to hire with confidence even when candidates are new to cybersecurity professionally.
- Risk management skills, such as safe and ethical use of AI within organizations, are expected to see an increase in demand due to the evolving nature of cybersecurity, according to ISC2 CEO, Rosso.
