More than half (51%) of executives in our Global DTI 2021 survey say they plan to add full-time cybersecurity personnel over the next year. More than one-fifth (22%) will increase their staffing by 5% or more.
Top roles they want to fill: cloud solutions (43%), security intelligence (40%), and data analysis (37%). Cloud security and security analysis are among the skills that a joint ESG and ISSA survey cited as being in shortest supply.
Hiring managers face tough competition in the cyber labor market. The most recent studies indicate that, in the US alone, 50% fewer candidates are available than are needed in the cyber field. Globally, some 3.5 million cybersecurity jobs are expected to go unfilled in 2021.
In their new hires, more than 40% of executives are looking for analytical skills (47%), communication skills (43%), critical thinking (42%) and creativity (42%). Shaping the future of cybersecurity — one that is in step with the business — means hiring the people who are ready to work collaboratively with others to tackle new, as-yet-undiscovered problems and analyze information.
These in-demand qualities correspond with the expanded role of the CISO as not merely a tech leader, but one who works with colleagues in the C-Suite and the business side to add value overall.
“Works well with others” is an increasingly important trait for advancement in cyber. CISOs used to look for the person who knew the most about how to configure a firewall or identity and access management, for example. Not anymore. They’ve realized that those skills could be taught a whole lot easier than executive skills. Good communications, good analytical thinking, and the ability to step outside the process and imagine new and better ways to do it — those soft skills are harder to teach.
To attract this new breed of cybersecurity professionals, organizations find the following to be most effective: flexibility, compensation, and training and “cutting-edge projects, technology, and work environment.” Tuition support ranks high with employees in the technology, media, and telecommunications industry, as well.
Digital building blocks
Enterprises feeling the pinch of the cybersecurity skills gap may find much talent in their own backyards. Organizations are hiring from within, offering upskilling to increase current employees’ skills in the same key areas they’re hiring for: digital skills, business acumen, and social skills.
Organizations should challenge long-held beliefs about training, and design their programs to be people-powered, business-led, and results-oriented. This approach, which we call upskilling 2.0, uses techniques such as gamification to increase participation, improves effectiveness and recall by having students apply their newfound knowledge to challenges they face on the job, and rewards progress toward tangible business outcomes.
Executives set a good example: almost three-quarters (72%) of technology/security executives report spending three or more hours per week on work-related learning, and more than one-third (36%) devote more than seven hours per week to learning. Taking courses toward certification and taking online classes are top ways that executives say they keep pace with fast-evolving developments in tech and cyber, after networking with peers nationally.
Other organizations may not have the resources to compete for cyber talent in this tough market. In such cases, using a reputable managed security services model can help provide companies with a diverse, readily available, highly skilled workforce. The best managed services providers continually invest in hiring, credentialing, and upskilling. They may also have apprenticeship programs that provide their staff with a range of experiences in different industries.
Managed services platforms — networks, the cloud, data, analytical tools, visualization, machine learning — are constantly evolving. By moving to a managed services model, an organization can avoid not only technology investment costs but also the risks that legacy technology poses, including the need for constant upgrades.
An overwhelming majority — nearly 90 percent — of executives use or plan to use managed services. Eighteen percent say they’re already realizing benefits from managed services, while 49% are starting to use them, and 18% plan to do so in the next two years.