Why it's so hard to hire cybersecurity professionals

There has never been a greater demand for cybersecurity professionals nor a greater shortage in the job market. Every cybersecurity professional and, these days, anyone who can handle a basic operating system is being recruited into IT positions across the board. This is connected to “The Great Resignation” is a period of significantly greater than normal turnover rates and far greater competition for workers. According to Anthony Klotz, the man behind the term ‘The Great Resignation’ and an associate professor of management at Texas A&M University, rampant resignations didn’t quite start with the pandemic.

Over the last ten years, particularly as the American economy strengthened, resignations have been going up. The pandemic stalled these resignations in 2020 as people feared the uncertainty it brought. The introduction of the COVID-19 vaccines caused people who were seriously considering quitting to act. In the financial industry, 24% of employees have already resigned or plan to do so by 2022. Without a remedy, the high employee turnover and difficulties in hiring may cause significant losses with escalating effects throughout the nation.

DHS planned to hire 109 cybersecurity professionals in 2020 and did not actually hire a single one. Their new plans are to hire 150 in 2021 and another 150 in 2022, with onboarding by the end of the year. But these professionals are in extremely short supply. As reported by The New York Times, Cybersecurity Ventures projects a staggering 3.5 million unfilled cybersecurity jobs globally by 2021, increasing from one million such positions in 2014. Late in August, the Cybersecurity Talent Management System (CTMS) was put into effect, allowing “excepted service” and exceptional pay for cybersecurity talent, a significant change in traditional federal HR practices. In contrast, cybersecurity threats are on the rise.?

The population of hackers and the tools at their disposal are ever-expanding. Anyone with a malicious program can become a “hacker” and malware is commonly available to copy for free on the darknet. Bad actors target everything from giant hospitals to the smallest businesses. In a time when every business needs cybersecurity experts, it’s no surprise that demand is high, and the security expert continues to grow.

The shortage of security professionals comes from several sources. First, there’s been an explosion in cybersecurity and managed-IT demand, more than the current pool of professionals can address. Additionally, there is an extremely tight job market, increasing the difficulty in finding specialized competent cybersecurity professionals to hire and, if you find them, affording them.?

Finally, many hiring managers do not have the experience needed to hire cybersecurity specialists. It’s often difficult to make the right decision without an IT professional already on staff to assess the applicable technical skills and knowledge of a candidate. Between the staff shortage and expertise required to hire appropriately, outsourcing and contracting cybersecurity teams is often more effective, especially for small teams.

So how do we resolve this ever-increasing demand for cybersecurity professionals and the shortage of available candidates in the workforce? The answer is to both find talent in untapped pools and optimize available expertise by outsourcing to meet your cybersecurity and managed-cybersecurity needs.

One solution is to develop new cybersecurity professionals. Create a pipeline from entry-level technicians (often a help desk or entry level security role) to admins and security specialists. Offer opportunities for training, career development, and promotion inside the position. If your company isn’t big enough for a robust pipeline, partner with others in your network to create the cybersecurity professionals you need and offer them continuous growth opportunities to fill out the much-needed ranks. But recognize that there will be others vying to compete for the cybersecurity talent in your firm.

Your team could simply wait for the right person to come along. Unfortunately, cybersecurity recruiting is one of the slowest and most difficult sectors to hire for. You might consider hiring a recruiting firm that goes out and looks for the right talent. Some organizations are reporting that it takes over one year to hire the right information security officer. This is unacceptable for any organization with sensitive data.

Another solution could be a hybrid team. Cybersecurity is a specialization of IT. Many teams already have an IT administrator who keeps their systems updated and computers online, but they don’t have specific cybersecurity expertise. In addition, the pressures on the IT professional to perform can often conflict widely with the pressure on the cybersecurity professional to secure. The two do not often peacefully co-exist in one person. In this case, you can absolutely combine outsourced cybersecurity and advanced IT services in-house.?

Let your IT professional do what they do best: take care of the team’s IT production needs while your outsourced team takes care of your firm’s cybersecurity defense. Your in-house IT stays in charge of office technology and can act as the bridge between your outsourced team and the rest of the company. Resources are scarce in cybersecurity hiring. Find your solution to the workforce IT shortage today.

You can also fully outsource with a trusted advisor. One of the better emerging industry solutions is outsourced cybersecurity teams. One talented team can provide the cybersecurity services needed for a variety of small to medium businesses. This shares the supply of cybersecurity professionals between several companies and provides the benefit of a full team, not just one or two IT professionals onboard. The advent of virtual specialized resources to supplement internal staff is becoming more and more an avenue for Banks, Healthcare Providers, and other sectors to meet the new demand with trusted service providers. For more information about how you can flexibly use a hybrid or fully outsourced information security partner, click here to join our webinar, "Scrambling to hire an ISO? How a VISO can help."