
How to Upskill Cybersecurity Job Candidates to Transform Them Into High-Performers and Excellent Communicators

The cybersecurity workforce landscape is at a serious threat level. Millions of jobs are unfilled, and most companies state they can’t find qualified cybersecurity job candidates. If we continue on this trajectory, risks will rise and jeopardize the data and networks of thousands of businesses.

As an industry, we must change how we hire, recruit, and develop cybersecurity talent. Expanding how you consider someone qualified is a necessary step. Seeing the potential in someone who doesn’t necessarily check all the boxes is one way to address the shortage. For this to work long-term, upskilling must be a part of your employee development strategy.

This upskilling includes hard and soft skills because cyber job candidates need both to thrive. Let’s review the current cybersecurity workforce challenges, the facts about the skills gap, and how to upskill new hires.

Cybersecurity Workforce Challenges

Cybersecurity job growth is a bright spot in the tech industry, with many opportunities for someone to have a career that pays a good wage and is in demand. However, the field is currently experiencing significant shortages.

According to the (ISC)² 2022 Cybersecurity Workforce Study, the global cybersecurity workforce grew to over 4.6 million, which is an 11.1% year-over-year increase. Unfortunately, 3.4 million jobs remain empty. As a result, many companies and cyber firms are operating without enough people, which can directly impact risk.

So, why is the industry struggling with recruitment and retention? It’s a complicated ecosystem, so there’s no easy answer. The cybersecurity workforce shortage is the result of several trends and occurrences, including:

  • The cyber threat landscape is rapidly expanding, driving the demand for cyber professionals in all industries and businesses. In part, this is a supply and demand issue.
  • People leave the industry due to burnout. It’s a common problem in a high-stress environment, and most organizations aren’t doing enough to mitigate this. Without proper staffing, people have to do more work, which increases the feeling of burnout.
  • Younger generations aren’t choosing cybersecurity as a career. Only 12% of the cybersecurity workforce is 34 or younger. The industry needs to find ways to connect with students to attract new people into the field.
  • Many organizations place too much emphasis on degrees and certifications, which often don’t correlate to having the right abilities, aptitudes, and attitudes. As a result, companies reject those who could be a better fit but need some upskilling.

If the industry remains on this path, the shortages will only worsen. Intervention is necessary for the entire community. To keep your data and networks protected, you can refocus on skills-based hiring.

The Cybersecurity Skills Gap

We can’t talk about the labor shortage without addressing the cybersecurity skills gap. It would be great if every cybersecurity job candidate had years of experience and an array of skills. However, cyber leaders agree that a skills gap exists. According to the same workforce study cited above, 55% of hiring managers say applicants don’t meet the criteria of being qualified. The deficit here includes:

  • Hands-on training and experience
  • Credentials
  • Degrees
  • Recommendations

These things don’t always indicate that the person can do the job. The same study also looked at specific skills with gaps, which are the ones that matter in terms of upskilling. The skills in demand and often lacking are:

  • Soft skills (e.g., communication, leadership, adaptability)
  • Cloud computing
  • Security controls (e.g., network, application, endpoint, implementation)
  • Coding skills
  • Software development-related topics (e.g., machine code, testing, languages, deployment)
  • Data-related topics (e.g., characteristics, collection, classification, processing, structure)
  • Network-related topics (e.g., architecture, networking components)
  • Pattern analysis
  • System hardening
  • Computing devices (e.g., software, hardware, file systems)

It’s a mix of soft and hard skills, but the latter was at the top of the list. It’s possible to develop both of these in an individual who has the desire to learn and evolve. Those abilities aren’t always apparent in technical folks. However, if they are willing and have a good foundation to start from, upskilling can be the key to keeping great people long-term and continuously improving.

So, what’s the upskilling plan?

Building an Upskilling Plan for Cybersecurity Job Candidates

The first part of the plan should start with a clean slate of qualifications. Define what is imperative and what someone can learn over time. Get to the root of what makes someone a good cyber professional and what attributes they should possess.

In upskilling, you’ll have two paths — technical and soft skill development.

Addressing Technical Upskilling

In looking back at the list of skills above, those in the technical category are pretty standard. That’s a good starting point, but you should also consider the future and add training around AI tools and use cases. The curriculum will evolve as the threat landscape does.

How will they learn these skills? You need to create a learning environment for employees. This can include hands-on training internally, certification classes that you determine as high-quality, and other resources. Making continuing skill development part of your recruitment and retention strategy can attract people to your company and ensure you keep high-performers.

The other part of this is soft skills, and the plan to develop these in technical folks can be more demanding and challenging.

Improving Soft Skills in Cybersecurity

Soft skill development is a path that requires commitment and consistency. It’s about behavior change, and there can be many growing pains. First and foremost, you want to find cybersecurity job candidates who are open to this. Sometimes that might not be obvious until you have a few conversations and try to understand what motivates them and if they can handle flexibility.

Transforming anyone into a better communicator and collaborator isn’t easy. With technical folks, it can be harder, as they often have fixed mindsets, see things as black-and-white, and believe they know all the answers. These people could have impressive technical prowess, but these attitudes won’t fit into a healthy culture where everyone is open and transparent. Are they lost causes? No, but again, they must want to change.

You can drive this change with guidance from the Secure Methodology™. It’s a seven-step process that I developed because of the soft skill deficiency and recognizing its value in creating and maintaining a strong cybersecurity posture.

The Secure Methodology: The Framework for Soft Upskilling

Here’s a preview of each step and how you can leverage it to improve the soft skills of technical people:

Awareness

The guide starts with awareness, with the objective of being mindful of the self and others. When this is missing, people don’t see or understand how their behavior affects others. If this is rampant in a culture, conflict and resentment build. With exercises on reflection and perspective, people can get to a state of awareness that improves how they interact with others.

Mindset

Mindset is crucial in soft skills, and every person on your team needs an open one. A person cannot change without it. Key to this is defining someone’s motivations and why they respond as they do. In this step, the 7 Levels Deep Exercise is a good foundation.

Acknowledgment

The third step is acknowledgment. There are several layers to this step. First, it encompasses feedback and its value to cyber professionals. Your staff wants to hear from you about accomplishments and how they are helping the organization. Not all feedback will be positive, and accountability matters, but you should do this in one-on-one conversations. Ensuring that your team feels appreciated and valued will prompt them to adapt with less friction.

Second is acknowledging that cybersecurity is difficult and filled with uncertainty. You set the tone of the culture, and if you do this well, your team will follow, enhancing their people skills.

Communication

Communication is the fourth step and the most essential soft skill for anyone. It’s never a bad investment to develop someone’s communication skills. Just be clear on what this means. Being a good communicator and articulate aren’t the same thing. Yes, what we say matters, but most communication isn’t verbal.

An excellent communicator is clear, concise, and transparent. They also recognize the needs of the audience and listen to them fully. Assessing candidates based on communication skills can involve prompting them to share real-life stories about how they used it to overcome challenges.

Listen for their use of geek speak or overly technical terms. This could be a red flag if they aren’t willing to drop the posturing.

Monotasking

Next is monotasking; it’s a soft skill you don’t hear much about. Most technical people have been doing the opposite — multitasking. Many believe this is a valuable trait. It is important to be able to juggle priorities, but blocking off specific time to concentrate on one task can make people more productive and eliminate feelings of being in fight-or-flight mode all the time. They will need to act quickly at times and move around priorities, but encouraging monotasking lets people think more critically and problem-solve more effectively.

Empathy

In the Secure Methodology, cognitive empathy is the sixth step. This type of empathy is the ability to understand another’s feelings and perspectives. It’s crucial to a person’s ability to be a great communicator and collaborator. Much of this relates to stripping down egos and dynamics of “me vs. them.” You can’t have a successful cybersecurity strategy and team without empathy.

Human connection is vital in cybersecurity, and in this phase, you support people to become more empathetic.

Kaizen

The last step is kaizen. It’s a Japanese term meaning “continuous improvement.” It’s the step that never ends and focuses on adaptability and flexibility. When you reach this phase, your staff should be in a state where they want to continue to develop their soft skills and transfer them to others.

Upskill Cybersecurity Job Candidates with the Secure Methodology

The Secure Methodology provides a framework and tools to transform candidates lacking skills. It’s a proven way to change behavior, with benefits for the person and the organization.

Get more insights on each step by reading my book, The Smartest Person in the Room. You can also explore how to apply it in the Secure Methodology course.

Diagnosing the Root Causes of the Cyber Workforce Shortage

The cyber workforce shortage has been the talk of the industry for the past few years. Many jobs remain unfilled, and experts predict that number will only grow. This gap is the result of many different factors, and at the heart of the problem are root causes. The field can attract and retain workers by identifying these and working to overcome them.

In this post, we’ll look at the data, diagnose the root causes, and define how to close the gap.

The Data on the Cyber Workforce Shortage

There is a lot of data on the cybersecurity workforce landscape. It’s a pervasive issue, so reports and surveys that try to uncover the why are in high demand. We’ll look at the (ISC)² 2022 Cybersecurity Workforce Study and the ISACA State of Cybersecurity 2022 Report.

The workforce study detailed that the global cybersecurity workforce grew to over 4.6 million, which was an 11% year-over-year increase. Even with this increase, there are still 3.4 million jobs that are vacant. It’s something that’s keeping cyber leaders up at night. Survey respondents had this to say:

  • Organizations with a significant staff shortage had more concerns about risk, with 74% stating it was extreme or moderate.
  • 60% of organizations said they are struggling to keep up with turnover.
  • 70% of companies have challenges with retention.
  • It takes, on average, three to six months to fill an empty role.
  • There is a correlation between cyber professionals not feeling their input is welcome and valued and low employee experience ratings.
  • Younger generations have new expectations in work, with this group more concerned about emotional health, Diversity, Equity, and Inclusion (DEI), and having a voice.

What Conclusions About the Workforce Gap Can We Make Based on the Data?

So, why does this gap exist? It’s complicated, and many things driving it are outside your control. We can draw some conclusions from the data that diagnose what’s happening.

More Threats Drive Demand for Cyber Professionals

First, the demand for more cyber professionals would, of course, increase as cyber threats do. Cybersecurity is about identifying and mitigating risk, so it doesn’t exist without the threat landscape. It keeps us all gainfully employed, but consider how much it has evolved in the past few years.

Ransomware is more prevalent than ever. The means to carry out these attacks have become much more sophisticated. It’s a favorite tactic for hackers, mainly involving financial gain as the desired outcome. Cybercriminals are using old and new weaknesses to attempt to seize control of applications, data, and systems.

Cybercrime-as-a-service enables a new group of criminals to hire hackers on the dark web to do their bidding. You can now choose from a “menu” of attacks, from phishing to ransomware to AI-enabled cybercrimes. No one has to be a cyber genius to launch these attacks. Hacking is now more accessible—a commodity even. As a result, the threat landscape broadens.

Hacktivism is another emerging trend that’s increasing risk. For the first half of 2022, DDoS (distributed denial of service) attacks increased by 203% over 2021, with many of these fitting the hacktivism label. It’s a different motivation for these cyber criminals and impacts businesses even if they don’t have social or political ties.

Then you have all the advancements that AI brings to the hacker toolbox. It enables them to improve phishing campaigns and send them out more quickly. It can help them gather data for attacks, create deepfakes, hide malware, and break passwords and CAPTCHAs.

These are just some highlights, but they represent all the risks and threats that cyber professionals must defend against every day. For organizations, it’s a driving need to hire more people and keep them.

Retention Is a Concern, and Burnout Plays a Role

The job of a cyber professional can have moments of high pressure and stress. Without a healthy culture and consistent communication to balance this, it can lead to burnout. If you don’t have enough people, then those you do have end up with more and more on their plate. Many technical folks further disconnect from the job, considering it their biggest stressor. Being overwhelmed in this manner often ends in attrition.

Without a focus on evening out workload, communication, collaboration, and a healthy culture, burnout will grow and play out repeatedly.

Burnout isn’t the only cause of poor retention. It’s also the environment. If it’s toxic, more people will leave. They have options with so many jobs available. Other things that contribute to this are compensation that’s not competitive, lack of promotion opportunities, no management support, and inflexible work policies. Regarding financial incentives, only 31% of organizations said they pay a competitive wage.

In short, you can’t attract or keep good employees if you don’t address burnout and retention.

Cyber Professionals Need More Acknowledgement and Connectedness

Your current and future employees have a lot of knowledge and expertise. Failure to acknowledge this or ask for their contributions to a challenge creates low morale. It isolates people who are often introverts worried about saying the wrong thing. If they keep this close to the vest, you also can’t understand their motivations and what they need to succeed.

The Workforce Study found that lack of support from leadership contributed to a lower employee experience. Improving this is something within your control. When workers feel valued for their input and part of something bigger, they are more engaged and open to learning and growing. Creating such a culture ensures that you can attract and retain great workers.

Younger Generations Have Apprehension About the Industry

Cybersecurity has a branding problem, as younger generations have new expectations about work and for whom they work. Currently, only 12% of the cyber workforce is 34 or younger. It’s one of the most consequential drivers for the cybersecurity workforce shortage.

Cybersecurity needs a rebrand to attract these people. It should include things like improving culture, eliminating gatekeeping and blustering, being more communicative, embracing diversity, valuing the employee voice, and helping them grow professionally and personally.

One of the best ways to do this is with the Secure Methodology™. It’s a seven-step guide to transforming technical folks into excellent communicators and collaborators. It can be a key way to address many of the challenges related to the workforce gap.

Using the Secure Methodology to Improve the Cybersecurity Workforce Shortage

Here’s a preview of each step of the Secure Methodology, which I defined and designed in my book, The Smartest Person in the Room. The title refers to how many cybersecurity professionals see themselves and how that can be a downfall.

Awareness

In this first step, people become aware of themselves and others. Through the exercises in the book, technical people can begin to understand their behavior and its effect on others. It can be a struggle for anyone, especially cyber professionals. Once they achieve awareness, they can let go of fears about uncertainty and their place in the organization, which can counter burnout and improve the employee experience.

Mindset

Individuals have a growth or fixed mindset. When it’s fixed, they do not change. They accept their perspective and won’t work to evolve it. It’s a problem that will hamper recruitment, retention, and job satisfaction. If your culture presents a place to grow and adapt through a broader mindset, you can attract and keep people on staff.

Acknowledgment

We talked about acknowledgment earlier and how it feeds into the employee experience. By practicing acknowledgment, your team understands their importance and gets the feedback they crave. Involving your people in big decisions is another form of acknowledgment, and it can go a long way in positioning your company as a great place to work and thrive.

Communication

The fourth step is communication, and it’s really the core of the Secure Methodology. We cannot fix the workforce shortage issue without clear, consistent, and meaningful communication. Communication starts in the recruitment phase with being transparent and open about cybersecurity. It also has to be a central part of everything you do with employees.

When it’s part of your culture, you’re building a collaborative and cooperative team. They’ll be able to engage better with each other and the business side. As a result, everyone can be on the same page and reduce the ambiguity that drives dissatisfaction and churn.

Monotasking

Monotasking is essential to supporting the overworked, which cyber professionals tend to be. It’s even more so with so many companies short-staffed. It’s the principle of concentrating on one task without any disruptions. It gives them time to focus and use critical thinking and problem-solving skills. The result of this could include improving stress levels and people being more comfortable in asking for help.

Empathy

Empathy within your cybersecurity culture means the ability to understand another’s perspectives and feelings. Developing this skill in technical people can encourage them to feel less frustrated with their customers (users). With attention toward empathy, people can learn to let go of blame and resentment, which often festers and creates burnout and attrition.

Kaizen

The last step is Kaizen, which means “change for the better.” It’s the ultimate objective of the Secure Methodology. It’s all about continuous improvement. A culture that embraces this will attract excellent candidates and keep them. There is no perfect in Kaizen, which the smartest people in the room are attempting to achieve. There is only the motto of constant improvement.

You can learn more about each step and how to use it to transform your organization and solve the workforce shortage problem by reading my book. Check out the Secure Methodology course, too.

Is the Cybersecurity Skills Gap Fact or Fiction? It Depends on the Skills

In the conversation revolving around cybersecurity and the shortage of workers, one thing that gets tossed around a lot is the cybersecurity skills gap. Many cybersecurity leaders are feeling the pinch to recruit and retain workers that have the right abilities, but is this fact or fiction?

The answer is that it depends on the skills desired for the position and involves technical and people skills. So, where are the biggest gaps, and how can you develop these in your people?

In this post, we’ll dive into some data related to the cybersecurity skills gaps. Then, we’ll look at solutions to bridge it.

What Are Cybersecurity Leaders Saying About the Skills Gap?

The profession of cybersecurity is in a state of decline. The 2022 (ISC)² Cybersecurity Workforce Study reported that the industry needs 410,695 people to meet demand in the U.S. This shortage of workers is a cause of great concern for many reasons, including that it’s putting organizations at greater risk of cyberattacks. In fact, 74% of survey respondents said the problem is at least a moderate risk. The leading reason for the gap, according to the report, is a lack of qualified talent. As a result, 62% of organizations are investing in recruiting and hiring, and another 64% are doing the same for training.

What Do People Need to Be Qualified?

So, what skills do these people lack that mark them as not qualified? If you look at education, 88% of cyber professionals responding to the workforce study had at least a bachelor’s degree, with 48% having a master’s or higher. This would indicate proficiency and deep knowledge of hard skills. When asked about the qualifications that are the most important, hiring managers ranked these the highest:

  • Strong problem-solving skills
  • Relevant IT or cybersecurity experience
  • Knowledge of basic and advanced cybersecurity concepts
  • Strategic thinking skills

Cybersecurity certifications trended down as a must-have for employment, as did educational requirements. What we can gather from this data is that attractive qualifications have shifted to focus on soft skills, experience, and fundamentals.

Another report from ISACA revealed that 55% of cybersecurity leaders believe candidates aren’t qualified. Those respondents did emphasize experience and training but also prioritized education and certifications. These responses are somewhat in conflict, specifically in prioritizing credentials and education. These will always be things that can demonstrate a person’s technical aptitude. It depends on the degree and the certification, as often these people can be paper tigers: they look great on paper but don’t have the practical knowledge to be effective and high performing.

Qualified ultimately comes down to the skills someone possesses. These can be the result of earning a degree or certification. Others we learn through life and work experience. So, where is the real skills gap?

The Cybersecurity Skills Gap Reality: It’s More About the People Skills

A cyber professional can be the literal smartest person in the room when it comes to understanding all the technical aspects. They may be up-to-date on the attacks hackers are launching, the latest cybersecurity automation tools, and have superior knowledge about the cloud or controls. From the ISACA report, cyber managers listed these as the most significant skills gaps:

  • Interpersonal skills, including critical thinking, problem-solving, collaboration, and attention to detail
  • Cloud computing
  • Security controls knowledge related to endpoints, networks, applications, and implementation
  • Coding abilities
  • Software development capabilities such as languages, machine code, testing, and deployment
  • Data-focused areas such as classification, collection, processing, and structure
  • Network aptitudes regarding architecture and network components
  • Pattern analysis
  • System hardening
  • Hardware, software, and file system devices

This list has soft and technical skills, but soft was at the top for cyber leaders. Looking more specifically at the interpersonal skills they favor, it aligns with qualifications.

They need people to apply their cybersecurity knowledge with better people skills to ensure teams can work together to solve problems and not let things fall through the cracks. To do this, technical folks must be great communicators and collaborators, which is often tricky. Are these even skill sets someone can develop?

When assessing the cybersecurity skills gap, soft skills are the biggest challenge. So, how do you bridge the gap? There are many strategies to take that require a shift in perspective regarding talent acquisition and improving the abilities of your current staff.

Strategies for Bridging the Cybersecurity Skills Gap

There are two concepts at play. First, you need a recruitment strategy to find and develop people with hard and soft skills who demonstrate great potential. Second, you need a plan to help current employees grow their people skills, so they can thrive and be successful.

Reframing Your Recruitment Strategy

If you want to improve your talent acquisition pipeline, you’ll need to adjust your parameters. A focus on skills-based hiring is the first step. In this framework, you’re putting less importance on a degree and more on the person’s ability to do the work based on their attributes.

To do this, you have to look at more than their resume. Not every person is going to have every qualification, especially hands-on experience. They can’t get it if no one gives them a shot. You can use some different assessments to understand someone’s potential.

Once you begin interviewing, you’ll have the opportunity to evaluate their communication and problem-solving skills by asking questions about these two things, such as:

  • How did you communicate with stakeholders regarding a challenge in a project?
  • In what ways do you use critical thinking when faced with a problem?

They could be a great performer in your organization if you see something in them. If they don’t have every credential you expect, you can help them obtain it while they learn on the job.

Remember that new people may be entering cybersecurity as their second act. They may have a lot of great experience in other fields that translates into transferable soft skills. These are people likely worth adding to your team. If they have the motivation and desire, they will continue to hone their technical skills.

Continuing to Develop People Skills for All Your Technical Folks

Whether someone started yesterday or 10 years ago, they must continue a journey to improve their soft skills. A lack of focus on this can have detrimental consequences. You may have enough people that know cyber in theory, but their inability to connect and communicate can elevate risk.

As a framework to do this, I developed the Secure Methodology™. It’s a seven-step process that cyber leaders can use to transform black-and-white technical people into those that see the gray in situations by becoming better at interpersonal skills.

Here’s a preview of the steps and how they bridge the cybersecurity skills gap.

Awareness

The journey starts with Awareness, which applies to the self and others. When this isn’t present, people do not understand their behaviors or that they are causing conflict, friction, and resentment. Moving people into an awareness state helps them gain more respect for others, which is key to a high-performing team.

Mindset

Mindset is the next step; the goal is to move a person from a fixed mindset to a growth one. With this shift, people become more open and willing to see the many sides of an issue. Supporting this with the 7 Levels Deep exercise is a good foundation.

Acknowledgment

Acknowledgment is something cyber leaders must initiate. When you acknowledge people for their work, you’re creating a culture of trust and transparency. It can be a good tactic to combat burnout, or the persistent thinking cyber professionals have that they must know everything and can do anything. If people admit they don’t know, they can be open to learning and growing.

Communication

Communication is the most vital soft skill and is part of every exchange we have in life. Technical folks that rely on geek speak and non-inclusive language aren’t good communicators. In fact, most people will feel they are being condescending and rude. That’s not the communication skills you want to see in your people! In this stage, you apply activities and exercises that focus on listening as much as talking. If you prioritize communication, it becomes part of your culture and is in continuous development.

Monotasking

You may not think that Monotasking is a preferred skill. After all, most people are multitasking all day long, but it can lead to more stress and errors. Introducing the concept to your team may be met with resistance. Explain why working without distractions is important, as it builds the attention to detail skill set that matters considerably in cybersecurity.

Empathy

In the Secure Methodology, cognitive empathy is the focus. It describes when you can understand another’s feelings and points of view. This capability is crucial in communication and collaboration. Seeking this out in new hires and working to help people improve it are a big win in the skills gap.

Kaizen

Kaizen is a Japanese term meaning “continuous improvement.” It’s a step that’s never over, as you want your staff to continue to improve their hard and soft skills. To align with this, they must be comfortable with adaptability and flexibility.

The Cybersecurity Soft Skills Gap Is Fact; Close It With the Secure Methodology

Closing the skills gap takes time and commitment. With the Secure Methodology, you have a framework to support your efforts. Get more details on how it helps by learning about the Secure Methodology course.

The Urban Legend of the Cybersecurity Skills Gap

According to the Information Systems Security Association (ISSA), we’re facing a cybersecurity skills crisis. Their recent report calls the gap in qualified individuals a “rapidly widening business problem,” claiming businesses are investing their resources in the wrong places when it comes to cybersecurity.

ISSA partnered with Enterprise Strategy Group (ESG) to look at the state of qualified cybersecurity professionals in the workforce. Around 70% of respondents to their survey said they felt a lack of cybersecurity skills within their organization was affecting their company. According to the cybersecurity organization (ISC)², almost three million cybersecurity jobs needed to be filled globally as of 2018.

Most people agree that this is a serious problem. The lack of qualified professionals at major businesses with knowledge in cybersecurity is exacerbating data breaches, and has been called an “existential threat to our national security.” What there doesn’t seem to be a consensus on is how that problem should be solved.

Are There Really Not Enough Qualified People to Fill the Cybersecurity Skills Gap?

The short answer seems to be no. Rather, the problem seems to lie with the paths made available to talent looking to get into the cybersecurity industry.

For a long time, the university path has been the main place students get recruited into cybersecurity jobs. Organizations recruit from universities, and many require a college degree as part of their job descriptions for cybersecurity roles. But there are thousands of talented people who miss out on these job opportunities simply because they don’t choose to go to college.

In an article for Forbes, cybersecurity contributor and CEO of Immersive Labs James Hadley argues that the cybersecurity skills gap won’t be mitigated through the classroom. He argues that self-taught, talented people should be recruited and trained by organizations before they take their talents to the wrong side. He writes:

“The world is desperate for cybersecurity talent, yet the sector limits entrants and clings to obsolete training methods. As the skills gap grows and organizations become increasingly vulnerable to ever-more-complex threats, the need for a diverse pool of cybersecurity experts to learn in real-time, rather than a classroom, strengthens.”

Hadley points to 22-year-old Daniel Kelley, who hacked the telecom company TalkTalk, stole the data of thousands of users, and used it for blackmail, as an example of what could happen if people who feel snubbed by the system use their talents for ill. Kelley didn’t make the grade required for a computer course and attacked TalkTalk out of a desire for revenge. He could’ve ended up using his skills to help instead of hurt, Hadley argues, had that path not been closed off to him.

Companies don’t want to train employees, preferring that they come to the job with the skills they need already, but the nature of cybersecurity work demands constant retraining and maintenance of those skills. There are qualified people ready to help stop the next cybersecurity threat if companies are willing to adapt to them.

How Can Companies Fill The Gap?

The threat of cyberattacks and hacking isn’t going away. In fact, such attacks are likely to increase as time goes on and the technology both companies and hackers use becomes more sophisticated. That’s why businesses should do everything they can to make themselves resilient to cyber threats. How can they do that?

First, hire and train the right people. Provide them with the time and resources they need to continually develop their skills to match the changing threat and technological landscape. Devote more of the company budget to cybersecurity. Currently, 49% of companies say that cybersecurity is a budget priority, but pros say that figure should be closer to 60%.

A shift away from the traditional job requirements of a university degree path would allow for the scouting, hiring, and training of the right people. Instead of academic background, those in the cybersecurity field would be better served by looking at a candidate’s skill sets. Do they have the skills needed for the job, even if they don’t have the degree? If they do, invest in that talent.

A few of the skills necessary for cybersecurity jobs:

  • Relevant past work experience,

  • Ability to understand advanced cybersecurity concepts,

  • Cybersecurity certifications,

  • Strength in non-technical soft skill areas.

University education can help, but it shouldn’t be the only factor in determining whether a potentially promising candidate in the cybersecurity field gets turned away, especially if that candidate could broaden the diversity of the field. Women represent only 23% of the cybersecurity workforce, according to (ISC)², and that number is after they broadened the definition of who works in cybersecurity.

It isn’t just companies that can help close the gap and guide more capable people into a cybersecurity career. Government initiatives like the UK’s Cyber Discovery free training program can help people explore their interest in IT, and ultimately decide that it’s a good career for them. State and federal governments in the U.S. should implement their own programs to seek out and support talent in a similar fashion.

Part of solving this problem will be getting the word out. Careers in IT and cybersecurity aren’t talked about as widely as more traditional paths like doctors or nurses, or trendier digital careers like YouTuber or Instagram influencer. But the fact is that people who have these jobs hold them a long time, are satisfied with the work they do and are compensated very well for their efforts. If more people knew that, starting at a younger age, they might find a place for their skills where they didn’t think one existed.

Companies can put themselves at the front of the pack by taking the initiative to find and recruit top talent outside the conventional pipeline. And they can do it by being willing to invest the time and money in proper, ongoing training. The cybersecurity skills shortage isn’t all that frightening if you know where to look to close the gap and are willing to take action.