Cybersecurity skills are some of the most in-demand skills in the IT world of today. Hiring managers and recruiters alike lament the lack of skilled candidates leaving positions unfilled and salaries escalating for the limited pool of qualified candidates. I agree that the pool in which we are looking is small; we need to look in a larger pool when addressing the IT skills gap.Yesterday’s WSJ had an interesting article to this point: “Introducing the IT Skills Gap ‘Un-List’” written by Gary Beach. I could not agree more with all of the points made by Gary and any hiring manager in the IT and in particular, the cybersecurity industry needs to read this informative post and take to heart the useful solutions discussed there. These solutions work.
From a practical perspective, I have faced these same challenges for nearly 15 years in the managed security provider space. After taking over a position in the central Connecticut area many years ago managing a security operations center, I struggled with recruiting the needed skill sets. This was particularly frustrating since previously I had the luxury of running IT teams in the DC metropolitan area where there is a very large (albeit competitive) labor pool. Central Connecticut on the other hand seemed like a dead zone. Having an employers account on a few of the major job boards, I used that access to query the resume database using three technology skills relevant to my operation. Searching within a 25 mile radius of my location, the query returned zero results. Aft first thinking that I had fat fingered my keywords, a second attempt produced the same disappointing results. Expanding my radius to 50 miles was not helpful either as no results were returned. Increasingly frustrated, I expanded my search to a 100 mile radius and finally was rewarded with hits. Unfortunately, I was pulling from both the Boston and NYC areas and these were of little value to my needs. What to do?
Gary’s article lists ten great solutions and I would like to demonstrate here how a few of them have worked from personal experience. I’m quite certain they all are effective.
Retraining existing team tops my list. According to the WSJ, 35% of global companies do not support retraining of existing staff and this is a mistake. Perhaps this stems from the perception held by some managers that it is a waste to invest in training as employees will only leverage the training to acquire new skills at the company’s expense, and then turn around and parlay that into a big raise by jumping ship to a new employer. While of course this is a risk, the likelihood is more a matter of the culture of the company as if the culture is one where team members are valued, this behavior has in my experience been very rare. Employees, and especially technical employees, place a very high value on training and continual learning to the extent that the training opportunities are often viewed as part of the compensation package since they do not need to bear the expense on their own of keeping their skills at the cutting edge of business value. The rare few who do turn around and screw the company are better off leaving anyway because more often than not, they are mercenary takers instead of team players and it is better in the long run to not have such types on a cohesive team.
The one challenge with retraining is that it does take time. Having recruited and developed technical teams all over the globe, bringing together a new team is very much like an expansion sports franchise. One needs to grab a few veteran free agents to compliment a team of raw rookies simply to go out and be competitive on game day. At first, they stumble but every week the team gets better and soon, they become one heck of a thundering herd. They are very loyal too! In time, the veterans fade away as most are mercenaries anyway and the strategy moving forward needs to become one of consistently bringing new talent through the system, developing them, and partnering with more experienced workers to support advancing their careers within the organization. Retraining and internal development works. I have successfully used this tactic with teams on three different continents with consistent results and highly recommend it to any IT manager.
Another area Gary suggests is to consider those with disabilities. Getting past initial misconceptions, I can tell anyone that disabilities are not a roadblock to job success. While in a somewhat different industry and going back a couple of decades, facing similar skills shortages I was able to build a customer facing team to run the business consisting of a group of individuals who all were Deaf. Challenging? At times, yes but well worth it and effective. Again, the team created this way is very loyal. Why not a team of Deaf security analysts?
I’m sure others have had similar success and welcome comments and discussion. For those who have not yet moved to thinking outside the box, Gary makes excellent suggestions in his post and all are worthy of implementation. Applying creativity, addressing the IT skills gap is very achievable.