Struggling to fill your cybersecurity positions? Maybe invest in the resources you already have.
Companies worldwide have been facing an acute shortage of qualified cybersecurity professionals for many years. That fact is underlined by a telling statistic from the 2020 (ISC)² CyberSecurity Workforce Study, which found that the global shortfall was a whopping 3.1 million specialists. While that represented progress--the number stood at 4 million the previous year--the report also noted that 56% of cybersecurity experts believe that talent shortages are putting their organizations at risk.
As any first-year economics student can attest, when a resource is scarce, its price tends to go up--a basic truth that will not be lost on anyone who has tried to hire an accredited cybersecurity professional in recent years. With the ability to go anywhere they choose, top talent in the field can attract compensation packages that put their skills out of reach for many companies. According to data from ZipRecruiter, the average salary for a cybersecurity specialist in the United States is $111,052 - more than double the average of $48,851 to hire an IT professional.
Top Cybersecurity Certifications
Of course, there’s a reason why those specialists command such high salaries: cybersecurity professionals typically have one or more of the following accreditations, in addition to several years of experience in their field:
- CEH (Certified Ethical Hacker)
- CISM (Certified Information Security Manager)
- CompTIA Security+
- CISSP (Certified Information Systems Security Professional)
The fact that each of these requires a significant investment of both time and money to attain represents an opportunity for cybersecurity providers to begin providing extra value for clients. If your organization can provide some of the skills and services that these certifications cover, the value of your services increases significantly—even if your own employees don’t hold these exact qualifications.
Indeed, within most companies, existing IT professionals may well have some of the skills and knowledge you need to begin upskilling to meet client needs. With a little support and investment, you can help to grow your internal capabilities, providing a cost-effective solution to the talent problem, while also increasing your value to clients.
How to Help Your Team Develop Cybersecurity Skills
1. Start with screening. The ideal scenario when looking to upskill your workforce would be for an excellent employee to come forward in a review and say “I want to develop new skills”. The chances of that exact set of circumstances occurring, however are fairly slim, which means that managers will likely have to identify the potential and coax people along. Look for traits such as evidence of a growth mindset, and those who are prepared to go the extra mile to solve the kinds of problems they come across in their existing jobs.
2. Cast a wider net when hiring. In keeping with the idea of screening for skills, when it comes to hiring, try to widen your lens beyond the immediate focus of the role you’re hiring for. Has the candidate had past experiences that suggest they might be able to develop the kinds of cybersecurity skills and knowledge you’re looking for? Are there related job roles or fields that might someone a good fit?
3. Go all in on internal training. Incentivize those with existing cybersecurity experience on staff to share their knowledge with colleagues. Consider bringing in outside experts to provide training, and assemble a directory of resources--both people and material--that interested employees can tap whenever they need to.
4. Consider funding certification programs. Yes, we know: the risk of paying for employees to get training is that they’ll take their skills to a higher-paying competitor as soon as they’ve developed them. However, making funding conditional on a minimum tenure post-certification can help to bridge that gap.
A good starting point for employees just setting out on a cybersecurity path include the GIAC Security Essentials (GSEC) certification, which currently costs $1,999 to sit for, and takes approximately 4 months to gain. The course covers cybersecurity fundamentals and provides a stepping stone to some of the more specialized, complex areas in the field such as threat analysis, cyber coding, identity and access management, and more.
5. Leverage GuardYoo’s Remote Compromise Assessment platform. Whether you’re an established cybersecurity partner, an independent consultant or an MSP seeking to add more value, a partnership with GuardYoo can greatly enhance your team’s cybersecurity capabilities. Featuring remote cyber audits and digital forensics, GuardYoo’s tools identify potential client vulnerabilities, equipping your people with cutting-edge knowledge and skills without adding to your headcount or professional development budget.
To schedule a consultation with a member of our team just send us a message via the chat function or email us - info@GuardYoo.com