Getting skilled people into cybersecurity roles continues to be a challenge. In a Ponemon survey from earlier this year, security leaders said their biggest security concern for the coming year was a talent gap. Commenting at the time, Brian Honan wrote in the SANS newsletter that the best way to tackle a skills shortage is to provide effective training and support to existing staff to better enable them. “We need to look outside our traditional tech fields to recruit people with the aptitude for security. The technical skills can always be taught to a willing learner,” he said.
In fact, Lance Spitzner of SANS Institute recently published a piece encouraging people from non-technical backgrounds to become cybersecurity professionals. “In many cases having a non-technical background can actually be an advantage,” he argued.
Spitzner added: “A growing challenge we are facing in cybersecurity is we have a growing number of highly technical people, but often they don’t have the soft skills needed to interact with people outside their world, such as the ability to communicate to business leaders about the impact their work is having or working with or partnering with other departments throughout their organisation.”
The UK Government recently took an interesting approach to addressing the need for security skills development. Its £20 million ‘Cyber Discovery’ programme targets teen schoolgoers using gamification. It hopes this will translate to them taking an interest in the subject and will help uncover previously untapped talent.
Events of the past week remind us to ask if the industry is doing enough to attract all possible candidates. OurSA is a pop-up event that took place alongside security’s mecca, RSA Conference 2018 in San Francisco, last week. OurSA came about in just two months, after a backlash against RSA’s almost exclusively male speaker lineup. Karlin Lillington wrote in the Irish Times that the security industry remains overwhelmingly male-dominated. Just 11 per cent of the labour force are women.
While the poor optics of male-dominated security events don’t help, there are positive examples of female participation in security. Our own Neha Thethi from BH Consulting contributed to an article on Helpnet Security last year, looking at the experiences of women working in the cybersecurity industry. Jane Frankland, an entrepreneur and a CISO advisor, has written a book titled ‘InSecurity: Why a Failure to Attract and Retain Women in Cybersecurity is Making Us All Less Safe’.
Strength through diversity
Last year’s ‘Women in Cybersecurity’ report argued that diversity of experience as well as gender can strengthen security teams. Fewer than half of the female infosecurity professionals have backgrounds in IT or computer science.
The report was based on interviews with 300 female IT security professionals. More than one third of them had been working in the industry for more than 10 years. Respondents came from a wide variety of backgrounds including psychology, sales, art, compliance and internal audit.
Report author and Cobalt vice president Caroline Wong told Infosecurity Magazine: “Diverse teams have better results, plain and simple. In an industry with a major talent shortage, it’s critical that hiring managers be very engaged in the hiring process and thoughtful about exactly what types of skills are needed for each particular role.”