
Cybersecurity: Outside Hires or Inside Training?

The cybersecurity skills gap is finally shrinking. As noted by CSO Online, the number of security professionals required to shore up infosec teams has fallen from 4.07 million to 3.12 million over the last year.

The caveat? There’s still a long way to go before businesses aren’t on their back foot when it comes to cybersecurity hiring, staffing and retention — research indicates that security employment needs to grow by more than 40 percent in the U.S. alone to help companies close the gap.

This creates a practical paradox for cybersecurity team leaders: With access to skilled pros on the rise, are they better served by hiring new staff — or upskilling existing team members to meet evolving needs?

The Human Side of Security

One avenue often suggested to help solve the cyber skills shortage is artificial intelligence (AI). It makes sense — new AI tools are capable of handling massive amounts of threat data at speed, creating potential response plans and looping in staff to minimize total risk.

As noted by Security Boulevard, however, no matter how advanced AI tools become, there will always be a place for human infosec experts. In part, this place comes down to our penchant for creative thinking — while tools can be taught to think outside the box, this approach is inherently human, making highly-trained security professionals essential in the threat detection and mitigation chain. Issues around potential AI bias, meanwhile, mean that human experts will always be required to help double-check AI conclusions and evaluate recommendations.

Showdown: Outside-In vs. Inside-Up

When it comes to finding the best-fit staff for IT teams, two broad approaches exist: outside-in and inside-up. But which one offers the biggest benefit?

An outside-in approach focuses on finding and hiring new staff to help bolster current teams and offers advantages including:

  • Skills specificity

When hiring outside experts, it’s possible to select for exactly the skillset your team needs. Job descriptions and requirements can be tailored to identify the ideal mixture of hands-on skills and advanced cybersecurity qualifications. The challenge? Creating the ideal ad doesn’t guarantee the ideal candidate will apply, especially given the sheer number of market opportunities for highly skilled pros.

  • Consistent credentialing

Hiring new staff also empowers IT leaders to target specific credential criteria — such as CISSP, CEH or CCNP qualifications — and ensure that potential applicants are in good standing with relevant qualification-granting institutions. Starting with credentialed staff helps reduce the time and effort required for onboarding to get security teams up and running ASAP.

An inside-up approach, meanwhile, looks to increase the skill levels of current staff members with expert training and opportunities for new security qualifications. This upskill-based approach comes with benefits such as:

  • Security by design

Eighty percent of security professionals don’t feel adequately prepared to defend their organization. It makes sense; as attack vectors rapidly evolve, it’s difficult for staff to keep up. Upskilling allows IT leaders to design the ideal security team by both leveraging current skillsets and augmenting them with targeted training and qualifications.

  • Improved staff satisfaction

Sixty-eight percent of IT leaders say it’s difficult to retain cybersecurity talent. The biggest challenge? Lack of defined career opportunities. If talented employees feel stuck in specific roles, they’re more likely to seek (and find) employment elsewhere. Inside-up skills-building offers staff the chance to further their own careers while simultaneously bolstering business security.

So which approach comes out ahead? While both offer benefits for IT teams, the continuing skills gap tells the tale: Finding the ideal infosec candidate remains a daunting task — especially since your competition is also on the hunt for new security talent. Internal upskilling, meanwhile, empowers companies to make the best use of existing resources to address both current and emerging infosec challenges.

Optimizing In-house Training

It’s one thing to recognize the need for in-house training — it’s another to ensure staff have a viable pathway for success and team leaders have the tools they need to monitor progress at scale.

To optimize in-house training, four factors are critical:

  • Community

Companies must create a culture of community that prioritizes collaboration over competition to ensure optimal distribution of security skills.

  • Visibility

Organizations need a way to track current skills progress, identify potential gaps and ensure certifications are offered to the right employees at the right time.

  • Consistency

Infosec consistency is critical for success; enterprises must prioritize tools that allow them to see the “big picture” of protective skills across their organization.

  • Strategy

Security isn’t static. To ensure new skills deliver over time, it’s essential to develop strategies that solve for current issues, address emerging threats and empower agile response.

Mind the Gap

With cybersecurity skill gaps finally beginning to shrink, many IT leaders are now evaluating their best approach to improve infosec team impact. While hiring outside-in is becoming easier as the number of security experts ramps up, inside-up training offers the dual benefits of increased staff satisfaction and security by design to deliver sustainable, scalable defense.