Recruiting for security roles is a consistent challenge, and it is impacting business performance.
Research in March from the Department for Digital, Culture, Media and Sport found that approximately 653,000 (48%) businesses have a basic skills gap, which means that those in charge of cybersecurity at those organisations lack the confidence to carry out the tasks laid out in the Government-backed Cyber Essentials scheme and do not have external support to do so. Furthermore, the same research from the DCMS revealed that in over half (51%) of cases, organisations have found it difficult to fill “generalist” cyber positions:
- 43% of the time, this was put down to a lack of technical skills or knowledge on the part of the applicant, however, a lack of soft skills was also a frequently occurring factor.
- 25% of businesses assert that a cybersecurity skills gap has “to a great extent” inhibited them from achieving business goals.
Meanwhile, this is happening while skills and corporate training are being outpaced by digital transformation:
- A report from McAfee – Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report – revealed that 79% of organisations store sensitive data in the public cloud.
- 93% of CISOs understand it’s their responsibility to secure data in the cloud. However, 30% of companies lack the staff with skills to secure their Software-as-a-Service applications.
Adam Philpott, EMEA VP, McAfee saidg:
“To tackle such a complex issue requires both “top-of-the-funnel” intervention and investment from government organisations, but also collaboration across the cybersecurity industry and concrete measures from companies themselves. We can try to bring talent in further down the line, for example upskilling employees internally or running returnship programmes for those looking for a change in career. However, ensuring we have more talent available in the first place is also essential. That is why nationwide investments in training in the technology sector, such as the establishment of a UK Cyber Security Council to provide a framework for cybersecurity qualifications, are crucial and instrumental to giving those who are interested in IT or cybersecurity at school a pathway into the industry.
“What’s more, a lack of diversity in recruitment processes, often coming through unconscious bias, means that businesses are missing out on large parts of the talent spectrum. This leads to slower progress in tackling the technical skills gap currently facing the industry. Building diverse teams should be a no-brainer for businesses, as doing so has clear benefits – from boosting creativity to achieving greater financial success.”
Chatelle Lynch, senior vice president, and chief people officer, McAfee believes businesses need to prioritise diversity from hiring to inclusion if the skills shortage is to be overcome. Lynch says:
“To truly move the needle, diversity in all shapes and forms must be built into every single process, program and initiative to counteract unconscious bias. Data suggests that most professionals unconsciously seek the same qualities in others they see in themselves during the recruiting and hiring process. And this partly explains how we’ve reached today’s talent pool. Once organisations become aware of unconscious bias, they can implement initiatives to promote greater diversity.
“McAfee takes diversity seriously and has introduced initiatives to support this. We have mapped the available talent pool against our roles to ensure that if the market supports it, we have female candidates in the recruitment process. We also target schools and regions with diverse populations when recruiting and make sure that candidates see for themselves how much we value diversity of thought at the interview. They see this in the hiring panel (we require at least one female to be included in the interview panel), in our commitment to pay parity, the benefits we offer for same-sex domestic partners, and in the ways we’re advocating for social causes and efforts that advance diversity. Last year, our efforts led to a 11% increase in the proportion of women hired and 59% increase in the proportion of underrepresented professionals hired.
“But it’s not enough to be successful at bringing diverse talent through the door. A culture of inclusion and belonging is equally important. This takes time and intentionality to build. One of the simplest and most effective ways to achieve this is to encourage employees to progress in the workplace and support employee-led resource groups. Our McAfee Communities build connections among members, but are also able to provide important professional development opportunities through mentorship, educational classes, speaker and panel presentations, and more.”
Top tips from Chatelle Lynch on how to secure a job in cybersecurity
1. Work on your EQ
“I meet and interact with brilliant people daily. What differentiates them from each other is one simple thing for me – emotional intelligence, or EQ.
“Look people in the eyes, if it’s on camera, look right at the camera and actively listen. Share stories about who you are, not just what you do. Converse, relate, and empathize with your interviewer.
“Emotional intelligence is something I look for in what’s considered ‘normal’ times, but amidst the coronavirus pandemic, I find it more important than ever. Openly address today’s reality and recognise the organisation has likely pivoted several times in a matter of months. Candidates who express genuine curiosity in how the company is navigating this unprecedented time are of heightened interest.
“Ask questions about the culture, what’s it like to work there. Whether the company you are interviewing for remains in the virtual space or shifts back to the physical workplace, digging into the company culture indicates you know the importance of being the right fit for the team – something that organisations especially need in uncertain times.”
2. Don’t let the absence of a degree deter you.
“It’s no secret the demand for cybersecurity staff has steadily grown over the past decade. Shortages are increasing to over 50 per cent and there is an estimated shortfall of up to 1.8 million cybersecurity roles by 2022. This means opportunity, so if you don’t have a degree, don’t let that slow you down. You may have unique work experience or relevant certifications, alternative learning, or transferrable skills that you need to make sure you highlight when applying and interviewing.
“Also, know the listed qualifications on a job posting aren’t always set in stone. Don’t be afraid to make your case on how you are qualified during interviews. I find that prior military service, Information Technology experience, and relevant volunteer or hobbyist activities, such as gaming, are a good foundation for cybersecurity roles.
“If you have transferable experiences, there’s likely a place for you in a company that wants to grow their talent with unique and diverse backgrounds just like yours!”
3. Be cyber-savvy and research the company before the interview
“Research the company you are joining, and know why you want to join a cybersecurity company. I always ask candidates that and it is evident right away if they have done any research. Also, be prepared to know what cybersecurity companies do.
“Be aware of relevant current events. Has there been a recent cybersecurity incident in the news? Research it to understand what happened. Especially if you’re applying for a position where you don’t appear to meet the minimum qualifications, be ready to demonstrate your domain knowledge.
“Ahead of the interview, assemble any work samples and prepare to discuss them. Cybersecurity companies tend to be positively inclined toward candidates who have a passion for the mission, but know sharing any past work considered confidential won’t be received well. Cybersecurity companies take a culture of security very seriously.”