The past 18 months have shown that cybersecurity is an essential part of a successful and resilient business model, regardless of whether an organization has 50 or 5,000 employees. With half of all organizations surveyed in the 2023 Arctic Wolf “State of Cybersecurity” Trends Report noting they experienced a breach within the last year, it’s clear that cyber attacks and data breaches continue to keep security professionals up at night.
After being named one of IT World Canada’s Women in Cybersecurity this year, I’ve been doing a lot of reflecting on the future of cybersecurity talent. Because the number of cyber attacks across industries are rising with no signs of slowing down, attracting and retaining cybersecurity talent — especially from non-traditional backgrounds — is more important than ever.
The cybersecurity talent shortage, however, has forced organizations to work hard to recruit the next generation of security practitioners. Research from (ISC)² found that two thirds of organizations noted that, “the cybersecurity shortage is placing their organization at risk” while data from CyberSeek confirms that there are over 769,000 vacant cybersecurity positions needing to be filled. Simply offering a competitive salary and a chance to break into a fast-growing industry won’t cut it anymore, especially if women, candidates from previously underrepresented backgrounds, and people from non-tech-focused backgrounds are overlooked as they traditionally have been in cybersecurity.
Thankfully, there are tried-and-true strategies that organizations can use to ensure their most valuable assets — people — are prioritized in the high-stakes world of cybersecurity. Employees want to feel like they are part of a mission that’s greater than themselves, whether it’s protecting small businesses or Fortune 500 companies. Research from LinkedIn has verified that companies with employees who rated their workplaces highly on having a “purposeful mission” experienced attrition rates 49% lower than companies that didn’t, and new grads entering the workforce are also more likely to seek out businesses that they feel excited about outside of the office.
In addition, employees that feel strongly about their mission when they go to work each day will reinforce the most positive aspects of a company’s culture over and over again, creating an environment that lifts everyone up. With a unifying mission, organizations can enable teams made up of cybersecurity practitioners from all backgrounds to rally around each other, creating strong foundations of diversity, equity, and inclusion that might otherwise stop at simply meeting hiring quotas. The benefits of close-knit teams go beyond well-run meetings, too. Opportunities to foster mentorship, accessibility, and continuing education programs are all made easier by growing teams of diverse individuals working toward a common goal.
One area that we must face head-on is the mental health and well-being of our teams. Cultivating a safe work environment that supports the necessary time off to disconnect, spend time with family or friends, and unplugging from the ever-connected world is going to give those companies a competitive advantage. Providing additional resources and a supportive culture will be a differentiator for businesses to keep employees at their best. Each team member needs a unique support structure to show up to work each day at their very best both personally and professionally, and developing a program for PTO, VTO, or mental health days that can accommodate different employees is a critical building block of a healthy company culture.
There are other ways to incentivize fresh talent to enter, and stay, in the cybersecurity industry. Attracting people to enter the cybersecurity industry is about more than having great colleagues, and that’s why it’s critical that we as an industry continue to recognize our top performers and offer them opportunities to grow in their roles. Businesses that offer training and skill-development programs have been shown to be more enticing to potential candidates than businesses that don’t offer such programs, and even businesses without the resources to invest in their employee’s education can offer free internal competitions with pride as the prize, or host lunch-and-learns for employees to share their skills with one another.
Because the cybersecurity industry is so fast paced, the best practices to retain top talent will always be shifting in some way. But the most successful organizations will be those who put the work in to understand their employees needs beyond a paycheck, and likewise those who understand that creating a positive workplace culture doesn’t happen overnight.