By Julie Jeffries, Director, Microsoft 365 and Security Business Group
With the ever-evolving cyber threat landscape, the need for security experts is increasing, but demand is far outstripping supply. Organizations face both a talent shortfall estimated at 3.5 million and a rapidly changing landscape that requires security professionals to continuously upgrade their skills.
We often hear about the impacts of this talent shortage: the scarcity of people with the right skillsets (fewer than one in four candidates who apply are even qualified), amplified by the speed at which skillsets must evolve and the potential for analyst burnout [i]. With all organizations facing this challenge, we must come together as an industry to address the gaps we have in cyber talent, cyber skills and inclusivity. If we do not, these gaps threaten to tip the balance in favour of the cyber criminals. So, what can we do to address these gaps?
We must recruit, train and retain cyber talent from a wide variety of backgrounds to maintain our advantage. Providing growth opportunities and a continuous learning culture can help in incentivizing and retaining experienced workers, and in identifying internal talent who may be eager to reskill into these related security roles. There is a direct link between employee satisfaction, long-term workforce retention and the ability to provide training and development opportunities for employees.
- Encourage individuals to learn from each other: It is important to stretch beyond your immediate team – consider those who may want to learn from your team, and what your team can learn from others.
- Host an internal brown bag: Empower practitioners to train and coach each other; this can be as simple as lunch-and-learns on specific topics. This also gives potential internal talent an opportunity to network and develop an interest, helping to fill and diversify your team.
- Learn from the industry experts: Learn from others in the industry and share knowledge through (virtual) meetups or by organizing guest speakers. While external experts might not always be available, scheduling an internal meetup to listen to industry podcasts with external experts, such as Afternoon Cyber Tea with Ann Johnson or Security Unlocked Podcast, enables the team to learn and discuss as a group.
- Join security community groups: Collaborating with other security professionals, through an apprenticeship program or security community groups such as Cyber Tech & Risk or Microsoft Security Community, can provide growth opportunities for junior practitioners or potential internal talent.
- Offer regular training for people at all levels of your organization: Offering regular training to all individuals in your organization provides an opportunity to upskill potential new talent for security and supports your practitioners with the latest knowledge. If you do not have the resources internally, Microsoft offers an array of learning opportunities:
  - Hosting an internal security skilling session: The security skilling pack provides ready-to-go video learning content, hands-on labs and a certification path. For a limited time, completed security skilling packs will receive 50% off MS-500 certification vouchers.*
  - Microsoft Learning Paths for Cyber Security: Self-paced learning allows your team to explore in-depth topics through guided paths and readily available learning modules. Microsoft offers cyber security learning paths, including Protect identity and access with Azure Active Directory, Defend against threats with Microsoft Threat Protection and Manage security with Microsoft 365. You can also add a little friendly competition to your team's learning with the Microsoft Learn-a-thon.
  - Microsoft Security Training Day: Virtual instructor-led workshops called Microsoft 365 Virtual Training Days provide all-day learning opportunities and networking with Microsoft security professionals.
No matter how you look at the numbers, the industry has a need for more security professionals. To attract the diverse talent you need, expand your criteria. Look beyond the degrees, experience levels and certifications that you typically recruit for. Consider people looking to switch careers from adjacent professions, such as sociology, law enforcement, psychology or forensic science, or work with colleges to reach new grads, and leverage training programs that help people acquire the technical skills you need. Creating a continuous learning culture provides growth opportunities for both junior and senior members of the team and can support recruiting new talent to address the security skill gap.
[i] USENIX study: A Human Capital Model for Mitigating Security Analyst Burnout, soups15-paper-sundaramurthy.pdf (usenix.org)
* Terms and conditions apply.