Guidance to Overcome the Cybersecurity Talent Shortage

September 13, 2022 | By IANS Research

The struggle to hire within cybersecurity continues to grow - with millions of open roles, and not enough qualified talent to fill the gap. A cybersecurity skills gap existed before the pandemic, but remote work – coupled with a surge in cyberattacks and ransomware – pushed the need for qualified, skilled talent to higher levels than ever before. Despite the job security that accompanies a career path in such an in-demand industry, the pool of qualified cybersecurity job candidates remains sparse.

This piece provides a better understanding of the common roadblocks information security job seekers encounter, and guidance for both organizations and candidates to overcome hiring obstacles, to help in your efforts to fill the skills gap and grow your team.

Cybersecurity Talent Hiring Challenges   

Many of today's information security professionals have benefitted from the talent shortage trend. They've leveraged their knowledge and experience to land high-paying roles in IT and infosec departments across the globe. While demand is surging, at the same time, turnover is high, resulting in many new opportunities. 

Cybersecurity leaders are faced with filling open positions, developing career paths for their security team, and boosting retention, at the risk of losing valuable team members to the competition. All of this comes at a cost and can impact the effectiveness of cybersecurity coverage for the organization itself.

As they try to fill security gaps, organizations are wary about losing their top-performing security employees. Advancing to senior management and leadership roles is common for star performers in other business functions but happens less in cybersecurity. Top performers are too hard to replace. 

To add to these hiring gaps, potential security jobseekers often find several factors that hinder their search to land their ideal security role. Among the major roadblocks when seeking positions and advancing their careers are cybersecurity training costs, unclear career path knowledge and lack of related experience. 

Ultimately, both organizations and candidates end up accepting less-than-ideal hiring results simply because both have reached plateaus with no feasible opportunities for progress or growth. Some organizations may turn to third-party vendors offering managed security service packages to cover their shortfalls as a contingency plan – not as a strategic goal to advance cybersecurity initiatives. Security jobseekers may end up settling for a less fulfilling security role that does not provide an ideal career path.  




Roadblocks to Cybersecurity Careers 

Some of the barriers that hinder security professionals seeking advanced positions, and that compound organizational hiring difficulties, include:

  • Formal education needed to land entry-level security positions - More than eight out of every ten cybersecurity job postings require a bachelor's degree or higher, often alongside real-world job experience. This presents a high barrier to entry compared to many other IT fields, potentially dissuading people from exploring their potential as cybersecurity professionals. 
  • Cybersecurity certification costs - More than half of all cybersecurity positions require at least one independent certification. Ideally, every security professional should have multiple certifications, expanding the number of roles they can play in a tight labor market. The costs of gaining certifications add up, and don't always translate to long-term value – especially when security technology best practices change on short notice.
  • Lack of experience and product expertise - High certification costs and unclear career opportunities set the stage for inexperienced security professionals to take on responsibilities beyond their capabilities. This sink-or-swim approach puts undue risk on the organization's security posture and amplifies the challenge of implementing new security technologies when needed.  
  • Lack of knowledge about cybersecurity roles - Many organizations neglect to discuss cybersecurity roles (or provide clear job descriptions) with potential candidates within their own ranks, simply because they work in other departments. This leaves leadership in the position of only educating new and existing security team members, and not promoting cybersecurity opportunities to the people already familiar with the unique structure of the organization. 
  • Unclear career path opportunities - Many organizations avoid cultivating cybersecurity talent towards management or leadership roles. As a result, security professionals may not receive attractive opportunities for advancing their career in the company. Some may move from one job to another or exit entirely when given the chance to seek better opportunities. 

For both security professionals and organizations, there is light at the end of the tunnel. Organizations can help cybersecurity professionals move past these roadblocks to help develop their careers and expand the available hiring pool. Training and certification assistance are the best areas in which to start.

How to Grow Information Security Talent   

Organizations can leverage the following guidance to grow their in-house security talent and create opportunities to bring on qualified, trainable applicants.

  • Find cross-training opportunities - Many employees enjoy their jobs but want occasional opportunities to stretch their capabilities and gain new skills. In an environment where every role is also a cybersecurity role, there is a wealth of security-oriented cross-training opportunities in every department, bringing vital talent and new perspectives to the security team itself. 
  • Incorporate certifications into training and transition plans - If a new position requires expertise with a specific tool, employees will need support to obtain that certification. Cybersecurity training must include vendor-specific certifications whenever the roles demand using specific tools to obtain security results – especially if candidates are being brought in from other internal departments. 
  • Establish performance goals and role expansion opportunities - Every position should have performance indicators that accurately reflect how well an employee meets the demands of the role. This can be challenging for security roles, where attributing success to a single task is not always possible. These indicators are vital for identifying and cultivating top talent. 
  • Create employee-specific profiles - Potential hires have different goals, and you need to know what they are. Some people may be subject matter experts who don't want to take on management responsibilities. Others thrive when presented with management challenges. The better you know what your employees want, the more detailed a career roadmap you can create, which helps build the team.
  • Build a comprehensive professional development track - Work with your human resources department to identify and document employee achievements that put them on the right professional development track for their needs. Seek employee input and build a collaborative roadmap that gives security talent a chance to flourish at your organization. 
  • Consider training exchanges - If you don't have access to specific security tools and no opportunity for in-house training for those tools, you may be able to arrange cross-training swaps with other companies in the area. This is especially useful for smaller companies that can use three-to-six-month swaps to increase their in-house capabilities before signing on with a new platform or service. 

The more comprehensive and unique potential and current employees' career roadmaps are, the more likely they are to stick to the path laid out for them. In a labor-tight field like cybersecurity, treating each candidate and employee on an individual basis makes sense, and can significantly impact the success of the career development initiatives you create together.

Best Practices to Help Cultivate Security Talent  

Security leaders struggling to retain cybersecurity talent need to focus on the individual goals of both potential and existing security team members. Be open to the fact that not every individual wants the same thing from their career, and you’ll gain the ability to build collaborative professional development roadmaps with your security staffers. Best practices to cultivate new security talent include:

  • Build professional development tracks that speak to the individual employee's needs and expectations and promote this to jobseekers. 
  • Find cross-training opportunities for members of other departments, or even training exchanges with partner companies.
  • Incorporate job descriptions and performance goals into a comprehensive training and transition plan that includes vendor certifications. 
  • Pay close attention to what potential and current employees want from their careers and help them build a plan to execute that vision. 

Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice. 

