Maximizing Human Capital to Fill Cybersecurity Jobs
In a recent Talking Tech with Cisco blog post, Cisco product manager Tom Gilheany examines some "Surprising ways to find cybersecurity gold in your employees."
Given all the hoopla about the looming skills gap in this IT niche, and all the hand-wringing about how we can possibly ever manage to fill huge numbers of open jobs, it's nice to find a calm voice with some good suggestions on this front. Yes, everybody knows the United States faces a shortfall of 500,000 skilled cybersecurity professionals by 2020.
There may be as many as 2 million cybersecurity jobs open elsewhere around the globe by that time. The numbers are both massive and, to many, massively intimidating. How, then, can one plan for and anticipate this need without falling prey to panic or despair?
Let's turn to Gilheany, who makes some great observations and suggestions. He leads off with the observation that "your best cybersecurity candidate for tomorrow may be sitting at the admin's desk today. Or maybe in the marketing department(.)"
The idea is that by looking for key qualities in existing staff — among them, he mentions specifically curiosity, problem-solving, personal interaction, empathy, communications, and other "soft attributes" — you can find people with the right mindset, attitudes, and basic skills for cybersecurity work right underneath your nose.
Once you've identified these worthy prospects, all that remains is to then train them up into competent cybersecurity workers. All I can say in response to that is, "Right on!"
Gilheany suggests that by offering training and technical development opportunities to existing staff, companies and organizations can cultivate not just the skills and knowledge they need in their workers, but gain loyalty and gratitude from the very staff they most wish to attract and retain.
In addition, by starting with people on the inside, you can be sure they already know something (if not quite a bit) about the local culture, markets, core competencies, and customers or users. As he puts it (somewhat mildly, I should add), "Upskilling current employees can also boost your reputation as an organization that invests in its existing human assets."
Indeed, this can't help but appeal to current and prospective employees alike. It not only helps you hang on to the good people you already have on staff, it also helps attract similarly qualified individuals you haven't yet hired.
I also like it very much that Gilheany understands the overwhelming importance of soft skills in this equation. He quotes Tim Erlin, vice president of product management and strategy at security monitoring company Tripwire.
Here's the key Erlin quotation: "Security practitioners need to be good communicators who can connect cybersecurity issues to business priorities, rally the rest of the organization to get involved, solve tough problems, and handle sensitive issues." Shoot! I couldn't have said that better myself.
Gilheany then goes on to identify characteristics of good prospective cybersecurity employees based on their interests, backgrounds, and experience. Here's a quick list of those topic headings, each of which is worth reading through:
• Degree in Sociology or Psychology
• Law enforcement experience
• Military experience
• Women and minority groups
• Teaching experience
• Degree in English, Literature, or Communications
• Administrative assistants and staff
• Accountants and financial staff
• Talent with puzzles and mysteries
Gilheany promises a Part 2 to this ongoing saga. I'll keep my eye out for same and follow up when it appears, if I deem this story worth continuing. Seems like a pretty good bet, based on Part 1 covered here.
How does all this info play for the IT pros who usually read this blog? If you're interested in working in cybersecurity, maybe you should let your current employer know. If you share this blog post with them, and show some strong interest, they may actually decide to get you some training to help you make such a career move.
If they're not interested, then maybe it's time to look for another organization. All of us should at least be intrigued by the opportunity to work for employers who understand this particular value proposition!