By Rob Rashotte
Cyberattacks are on the rise, but one of the biggest threats for organizations is the need for more skilled cyber professionals. According to a recent workforce study, the global cybersecurity workforce shortage is around 3.4 million people.
The gap has persisted for years, putting organizations at risk as cybercrime continues to rise. In Fortinet’s global 2023 Cybersecurity Skills Gap report, over 80 per cent (84%) of enterprises surveyed indicated they had experienced one or more cybersecurity breaches in the past 12 months alone.
While many factors increase a business’s vulnerability to cyberattacks, more than two-thirds of the surveyed business leaders (68%) agreed that unfilled IT and security positions represented a significant security risk. As a result, finding and retaining cybersecurity talent is a pressing concern that requires out-of-the-box thinking at the C-suite and board levels.
Navigating the talent crunch
Fortinet’s report demonstrates the challenge facing business leaders: how do you secure against increasingly sophisticated and plentiful cyber threats without skilled professionals to fill critical positions?
Talent acquisition and retention strategies become more attractive when business leaders weigh the growing threat and cost of cyberattacks. Considering nearly half of the surveyed organizations suffered breaches that cost more than $1 million to remediate, investments in skilled staff and training take on a new urgency.
Finding the right fit
Of those organizations seeking cybersecurity staff, over 90 per cent look for talent with related certifications. Unfortunately, more than half (56%) struggle with their recruitment efforts, especially in high-demand specialties such as operations, cloud and network security.
Retention is also a challenge for over half (54%) of the organizations surveyed. For example, 65 per cent of employees in security operations center (SOC) roles have considered quitting. As organizations struggle to fill open positions, that statistic should send warning signals to all hiring managers and above.
Adequately staffing security teams requires a two-pronged approach—retain and retrain existing staff and expand the pool of talent. These strategies, drawn from Fortinet’s research, provide a place to start.
Invest in the talent you have
Short on specific, hard-to-hire-for skill sets like operations, cloud and network security? Consider leveraging internal talent by offering to pay for advanced training. Over 90 per cent of organizations indicated they were open to paying for employees to obtain relevant certifications, a strategy that rewards high-performing staff and moves proven talent into hard-to-fill roles.
Fortinet helps businesses address their security needs with access to cybersecurity training and certification programs. The Fortinet Training Institute offers a wide range of self-paced and instructor-led training that ensures graduates can demonstrate mastery of complex network security concepts critical for a cybersecurity-focused role.
Go where the talent is
University and college campuses are another source of potential talent. Internship and mentoring programs are a proven way to attract candidates from academic streams – but they can also apply to those transitioning from one career to another.
Partnering with educational institutions can help them attract new entrants to the cybersecurity workforce. For example, the Fortinet Academic Partner Program works with over 500 colleges and universities globally to integrate the Fortinet Network Security Expert (NSE) training and certification courses into the existing curriculum.
Diversify the talent pool
Accessing a broader talent pool requires initiatives to attract a more diverse group of candidates. Most organizations (83%) already have diversity goals to encourage historically overlooked groups, including women, minorities, and military veterans.
There are also spin-off benefits to a diversity strategy. Diversity is good for the bottom line, cultivates innovation and creativity, and improves problem-solving and decision-making. For example, studies show that women often outperform men in areas such as initiative, communication, resilience, and relationship building, yet they account for only an estimated 24% of the cybersecurity workforce. Diversity also makes great business sense, as diverse companies are 70% more likely to succeed in new markets and 120% more likely to reach their financial goals.
No need to go it alone
Organizations looking to take advantage of these strategies need not go it alone. Organizations like Women in Cybersecurity, Latinas in Cyber, Blacks in Technology (BIT), and others are working to connect candidates with cybersecurity education and employment opportunities.
With the growing threat of cybercrime, it’s clear that meeting the challenge of today’s changing threat landscape requires collaboration, as well as investments in diversity and training. It may take some creativity to attract a broader and more diverse group to the cybersecurity profession. Still, organizations will have an easier time shoring up their security footing when we collectively narrow the skills gap.
Rob Rashotte is Vice President of Global Training & Technical Field Enablement at Fortinet