Look Beyond Traditional Channels to Close the Cybersecurity Skills Gap

(SPONSORED ARTICLE)

The cybersecurity skills gap persists while threats continue to evolve and grow. According to the latest skills gap report from Fortinet, 67% of leaders agree that the cybersecurity skills shortage creates additional cyber risks for their organization.

At the same time, the Great Resignation has led many individuals to leave their jobs in search of something new – which means there are more people out there looking for new opportunities. For security leaders, this could be an opportunity to bring more people into the fold – but that requires putting more effort into recruiting beyond traditional pipelines.

Understanding the Skills Gap

The global cybersecurity workforce will need to grow by 65% in order to adequately defend enterprises’ critical digital assets, according to the (ISC)² 2021 Cyber Workforce Report. Though the number of experts required to fill the gap has lessened in the last year, from 3.12 million to 2.72 million, it remains a considerable deficit that exposes firms to risk.

Fortinet’s global 2022 Cybersecurity Skills Gap report found that 80% of enterprise respondents have been hit with at least one breach they could attribute to a lack of cybersecurity skills or awareness. The survey also revealed that globally, 64% of enterprises suffered breaches that led to loss of revenue, recovery costs and/or fines.

Finding and retaining the right personnel to perform important security roles, ranging from cloud security specialists to security operations center (SOC) analysts, has been a big concern for enterprises. According to the report, 60% of leaders admit that their company has difficulty recruiting and 52% have difficulty retaining people.

The Great Resignation

While ransomware and other security incidents have increased – and the skills gap has persisted – a third phenomenon has also occurred: the so-called Great Resignation. According to the U.S. Bureau of Labor Statistics, 4 million Americans quit their jobs in July 2021 – and there were more than 11 million job openings in February 2022. Employers across sectors have struggled to find and retain employees.

However, there may be something of a silver lining in this situation in terms of filling cybersecurity positions. Many of the people who left their jobs were in search of something new and more fulfilling – which a career in cybersecurity can be. There are plenty of people who come to this field mid-career or via a circuitous route. They may never have considered the field of cybersecurity previously but are surprised to find the rich and varied opportunities that have been waiting for them.

The move to work-from-home (WFH) or hybrid as a result of the pandemic has helped increase the pool of potential candidates, as location is no longer a factor in job opportunities or hiring decisions. Job seekers and employers alike literally have the whole world to choose from now.

Recruiting Beyond Traditional Channels

Recruiting women and new graduates is a major hiring challenge for 7 out of 10 leaders worldwide, and 61% say hiring minorities is a top challenge for their organization. The Fortinet survey also revealed 89% of global corporations have specific diversity targets as part of their hiring strategy as they seek to establish more effective and varied teams; 75% of companies have formal mechanisms in place to expressly recruit more women, while 59% have strategies in place to hire minorities.

Hiring teams tend to focus on technical roles when thinking about jobs in the cybersecurity field. Within cybersecurity, however, many distinct responsibilities are required, just as they are in other industries. There are employment openings at every level – from beginner to executive – as well as both technical and non-technical roles. Every department needs qualified personnel, and each member in the enterprise is accountable for the organization's success and security.

By looking to more “non-traditional” channels for staff, organizations open up their personnel possibilities. One such example is the Fortinet Training Institute and TAA initiative, which are assisting organizations in recruiting skilled individuals, including the Education Outreach program, which focuses on non-profit organizations, women and veterans bringing people into the industry, training them and certifying them so they can work in cybersecurity. In addition, the NSE Certification program offers 8 levels of certifications ranging from non-technical to highly technical courses on key areas, such as SD-WAN and Zero Trust Edge. This enables upskilling, continued learning and reskilling opportunities so that anyone regardless of background can pursue a career in cybersecurity or grow in their technical roles.

A New Recruiting Perspective

Though the cyber skills gap has lessened a bit, cyberthreats increase every year and are becoming more sophisticated. Part of the challenge organizations face is to keep their IT security teams staffed so that they can fight these threats. But events like the Great Resignation and the pandemic have proven that people want more than paychecks and that it’s possible to find talent – or a new job – anywhere in the world.

Still, that gap is big enough that organizations need to add recruiting channels outside the traditional ones to fully staff their cybersecurity functions – including women, veterans and minorities. Training and certifications are another way for organizations to upskill workers and solve their own skills gap issues. It’s necessary to think in new ways to staff this critical aspect of modern business.

Learn more about the Fortinet free cybersecurity training initiative and Fortinet’s Training Institute, including the NSE Certification program, Academic Partner program, and Education Outreach program which includes a focus on Veterans.

Sandra Wheatley has more than 20 years of experience developing and managing holistic marketing and communications strategies that build brands and drive business impact. Sandra is responsible for global corporate communications, marketing, global threat intelligence and global philanthropy. Prior to Fortinet, Sandra led communications for leading technology brands, including Cisco, NetApp and AMD. Sandra currently serves as a board member of the IoTTC Consortium and previously has served on multiple non-profit boards and is a founding board member of US2020, a White House Initiative to improve STEM learning and increase the pipeline of STEM workers in the U.S. She holds a Bachelor of Science degree from Santa Clara University, a diploma in Community Leadership from Boston College, and a diploma in Corporate Responsibility from U.C. Berkeley.