Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/5/2020
10:00 AM
Carla Wasko
Carla Wasko
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

Hiring Untapped Security Talent Can Transform the Industry

Cybersecurity needs unconventional hires to help lead the next phase of development and innovation, coupled with salaries that aren't insulting

Think of the hottest high-tech regions and two words likely come to mind: Silicon Valley. There’s no question that the area stretching from San Francisco to San Jose continues to be the undisputed world leader when it comes to technology innovation and development, and of course, tech talent. This is especially true for cybersecurity technology and talent. So, naturally, it’s typically the first place many cybersecurity employers look when recruiting.

However, there’s a bigger perspective I feel we are missing, even ignoring: Untapped talent.

We’ve all seen the statistics about the cybersecurity staff shortage. One specific report, The Cybersecurity Workforce Gap, published by the Center of Strategic and International Studies, reports that by 2022, "the global cybersecurity workforce shortage has been projected to reach upwards of 1.8 million unfilled positions." Further, "Workforce shortages exist for almost every position within cybersecurity, but the most acute needs are for highly skilled technical staff." Many other reports put that number above 3 million. 

To me, this is both overwhelming, but also puzzling. It makes me wonder how much of the cybersecurity talent shortage is self-inflicted. Here are some of the variables in that equation that we as security professionals can address.

Hiring desires don't align with salaries
A recent Forrester report calls out what many of us in the hiring industry have seen for years: "The deeper failure of bias, expectation, compensation, and commitment to effective recruiting and retention."

Often times, recruiters and hiring managers are looking for superheroes but pay them entry-level salaries. Forrester's Chase Cunningham notes, "Job postings will require a bachelor's degree with five to seven years of experience with all kinds of technology, and a master's degree preferred, but by the way we only want to pay you $85,000 a year."

This alone creates huge alignment problems in organizations and the industry as a whole. You can’t expect to hire world-class talent if you're not willing to pay them what they're worth, and what the market requires you pay them.

Unwillingness to challenge biases
Many people who do not have technical degrees are automatically and immediately disqualified from careers in cybersecurity. This is a serious problem. While I understand the technical nature of many positions in this space, one can have immense technical knowledge and talent, without a computer science degree. 

One of my industry colleagues told me that some of the best software engineers in his company had philosophy degrees, not engineering degrees. Cybersecurity also needs non-technical talent to help lead the next phase of what we need - strategists, leaders, product leaders, and facilitators to help companies better protect themselves.

One of the places I’ve personally seen such incredible talent is Northern Ireland. The country has such diversity in its talent pool, and most don’t realize it. This may be a shock, but Northern Ireland is now the top area in the world for investment in US cybersecurity development projects. The region boasts an impressive roster of international companies as well as innovative cybersecurity startups, and it’s all supported by world-renowned university research and a strong incubation and entrepreneurial ecosystem. 

Northern Ireland was also ahead of the game in foreseeing the need for cybersecurity education and training and has been investing heavily in it for two decades, with government, academia, and the private sector teaming up to encourage widespread adoption. The result is an absolute hot spot for world-class talent. We would not have known that this country was such an amazing pool of talent had we not started to challenge our assumptions about hiring in the cybersecurity industry.

The Bottom Line
The cybersecurity threat landscape doesn’t look to be changing any time soon, so the need for skilled talent will only continue to grow. But we need to start looking everywhere for talent, not just what and who we think are the right candidates and backgrounds. 

Remember what Silicon Valley used to represent – that anyone, from any background, was able to create something from nothing, to defy the odds, to prove that technologies can be built by those with different viewpoints and qualifications, and still drive huge innovation, the very innovation that was fueled by recognizing that talent can come from all countries, experience levels, and different educational backgrounds.

Related Content:

 

Carla Wasko joined WhiteHat Security in June 2017.  She brings over 20 years of HR leadership experience in Human Resources to WhiteHat, where she reports directly to the CEO and is responsible for driving the strategy for People, Places and Culture.  Her previous ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-6486
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.
CVE-2012-6487
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.
CVE-2012-6488
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.
CVE-2012-6489
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.
CVE-2012-6490
PUBLISHED: 2020-07-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.