In case you missed it, Tessian released the Opportunity in Cybersecurity Report 2020 earlier this month. In it, we examine the growing skills gap in cybersecurity through the lens of the disproportionately low percentage of women currently working in the field.
While the report was released in time for Women’s History Month and addresses the issue of gender bias in the industry, we found that it’s actually inaccurate perceptions of cybersecurity that are preventing people from considering the opportunities available.
So, how can organizations tailor recruitment efforts to help candidates overcome this barrier to entry?
To find out, we invited three of the contributors to the report to join Kelli Hogan, Tessian’s Head of Marketing Communications, for a webinar: “Cybersecurity skills gap: talent shortage or image problem?”
You can view the full webinar here, and we’ve compiled the key takeaways for you in this blog.
Cybersecurity is an incredibly diverse field
Cybersecurity isn’t limited to hackers, developers, and engineers.
“You can literally do anything in cybersecurity. Whatever your skillset is and whether you’re technical, non-technical, inspired by policy, wanting to work directly with application development teams, or get into consulting... you can find a home within cyber security”
This is perhaps best demonstrated by the women themselves.
Carolann Shields, the former CISO at KPMG, is something of an industry veteran, having driven more than fifteen large-scale company-wide cybersecurity initiatives throughout her career. But, she didn’t study anything related to computer science. Instead, she earned her degree in Business Studies before starting down her path to cybersecurity.
On the other hand, Hayley Bly, a Cybersecurity Architect at Nielsen, earned her Bachelor’s Degree in Computer Science almost four years ago and is currently working towards her Master’s of Science in Cybersecurity.
Finally, Tess Frieswick, who earned her Bachelor’s Degree in World Politics with a minor in Islamic World Studies, became interested in cybersecurity after learning about Russian bot interference in the 2016 US presidential election. She recently started a new job as a Client Success Manager at Kivu Consulting after spending a year working at Uber as a security analyst.
Learn more about their backgrounds by reading their profiles on our blog.
Organizations should enable internal recruitment as well as external recruitment
While most of us think of recruitment outside of our organization when we consider growing our security teams, Carolann has, throughout her career, made a point to look internally first.
“When I've needed to fill junior roles, I’ve always looked internally at people who are talented in other roles. Even if you just think about security awareness and training... there's a lot around event planning and developing training material, which means it’s a great entryway for someone who doesn’t have technical skills.”
Importantly, internal recruitment was only possible because of the environment KPMG created through job shadow programs and other initiatives that encouraged cross-functional movement and communication between teams.
Internal recruitment can do more than just fill vacancies, though. It also gives other individuals and even full departments a chance to better understand the function of cybersecurity teams which, in turn, helps build a stronger, more positive security culture.
Collaborative and open environments attract new talent
We know from our research that creativity and collaboration rank in the top five skills needed to thrive in a cybersecurity role, but it’s clear that these are also attractive traits in an organization to applicants.
That means if you want new, diverse talent, you have to communicate the scope of the opportunity, the open-mindedness of senior executives, and the organization’s overall propensity to engage with new ideas.
COVID-19 means more for cybersecurity than just a transition from office-to-home
Given the current climate, it’s no surprise that the conversation turned to COVID-19.
When asked by an audience member during the live Q&A what the outbreak meant for the future of cybersecurity, all three of the women were steadfast that the impact goes far beyond just the transition from office-to-home, especially as attackers are taking advantage of the situation with opportunistic phishing attacks.
“Our work has changed. Because more people are working from home, attackers are exploiting vulnerable networks, vulnerable VPNs, and more. We've had an increase in ransomware cases and other incidents like that, too.”
But, this doesn’t just impact professionals in client services. Organizations are relying more heavily on cybersecurity teams to lock down internal systems and networks. The question is: Are teams going to have to do more with the same resource? Or will teams expand as necessary?
Increased remote-working could mean more opportunities in cybersecurity
According to Carolann, it’s inevitable that this sudden transition necessitates a larger security team.
“Organizations will have to make their security teams more robust. We’ve been moving in that direction anyway, but COVID-19 is going to accelerate that. Remote-working introduces complexities that you just don't have when you can have everyone sitting in an office behind a firewall. It’s a difficult task trying to keep everyone secure; behavioral change and educating folks will be really important. If those things weren’t already a part of your cybersecurity program, they’re going to need to become a part of it.”
Now more than ever, organizations have to recruit new and diverse talent in order to not just fill the 4 million vacancies that already exist, but to accommodate the increased reliance on cybersecurity teams to help us all safely transition to remote-working.
For more insight on how to improve your recruitment efforts, listen to the webinar.