The chaos and confusion sown by the ongoing global pandemic have created an atmosphere that’s ripe for cybercrime, and malicious actors are taking advantage of it. Maintaining security is going to require an expansion of the cyber workforce—a tall order considering that, pre-pandemic, the industry was already facing a talent shortage that bordered on critical. To overcome this challenge, cyber leaders must modify their talent strategies in ways that will empower them to build the workforce they need for the COVID age and after.
To that end, we offer the following three foundational considerations:
1. Identification and Sourcing of Cyber Talent Must Expand.
The pandemic has brought on an increase of remote work and a spike in digital transactions that have dramatically increased the size of the attack surfaces that cyber criminals target. The resulting increase of malicious cyber activity aimed at corporate and federal government systems has ensured that demand for already scarce cyber talent will only continue to grow. How can cyber leaders square their urgent need for a larger skilled workforce with the intensifying shortage of qualified cyber professionals?
By tapping into new talent pools and doing more to nurture the cyber skills of existing cyber-adjacent workers. Steps toward this end could (and should) include expanding paths of entry into cyber positions for mid-career-switchers, and increasing efforts to recruit military veterans of all specialties and nurture their relevant skills. Whether the endurance for the common 12+ hour shift work of a Security Operations Center or the trust instilled by holding a U.S. government security clearance, many veterans bring a uniquely well-aligned aptitude for cyber work.
2. Continuous Cyber Talent Development Is Critical for Mission Success.
Facing a skills gap that will likely persist over the next 5 to 10 years, forward-thinking cyber recruiters have already been forced to realize that the “typical” cyber expert does not exist. Far from it. In fact, the best cyber experts are unorthodox, coming from a rich variety of backgrounds and experiences.
Successful, cross-functional cyber experts are systems-oriented and able to see patterns and links where others may not. They are informal and dynamic in spirit, attitude, and mind. And, in the age of COVID-19, they must be experts at dealing with an explosion of hacking and distributed denial-of-service attacks that’s causing governments and companies to scramble as never before. Agile, flexible cyber professionals now have opportunities to immediately, and in unprecedented fashion, use their abundant talents.
Investments in developing cyber professionals internally must focus less on the newest technical tools and more on expanding and applying the workforce traits that are the core of cyber risk management success.
3. Cyber Talent Attraction and Retention Drivers Must Adapt.
One of the most striking revelations of the COVID-19 era is that candidates appear to be motivated by far more than just salary. So what else do they want? For starters, more flexibility—in work location, hours, dress code, and just about every other sphere, too.
They also want to feel valued. We’ve discovered one way to accomplish this is by eliminating layers. Cyber warriors respond to a “flat” hierarchy where their good ideas and other winning traits can be recognized and acted upon immediately. To pull off such a structural shift, chief information security officers (CISO) and chief information officers (CIO) must support their teams in making changes in management practices now.
COVID-19’s impacts will continue to ripple through the cyber world even after the pandemic has been brought under control. In such fast-moving, unpredictable, and unprecedented circumstances, it is imperative to pause, reflect, and consider whether your cyber team is primed for our current new reality and whatever may follow.