According to the panel of experts, organizations need a fresh look at their hiring policies, hiring processes and interviewing techniques if they want to address current cyber skills shortages and gaps.
The UK currently has a shortfall of around 57,000 cybersecurity professionals, compared to more than 3.4 million globally, according to ISC2 statistics.
Learn more about skills shortages here. The cybersecurity workforce gap will increase by 26% by 2022.
But there are things organizations can do to mitigate the impact of the current shortage, experts told InfoSecurity Europe attendees this morning.
Amanda Finch, CEO of the Chartered Institute of Information Security Professionals (CIISec), urges you to start by understanding what kind of teams your organization needs.
“We encourage our members to evaluate the teams they already have, consider how they can develop the talent they have, and consider where the gaps are. I recommend it,” she explained.
“Many of the gaps are not necessarily very technical roles. Analytical and communication skills are very demanding and we are looking to transfer skills from the business rather than hiring experienced people. We encourage you to wear
Recruiting non-technical roles from the internal talent pool ensures cybersecurity teams have people who are business savvy, readily available for training, and willing to participate in the job. It means to, he added.
Jools Gascoigne, CISO of Transport for London (TfL), agreed, arguing that technical roles tend to focus on skills and experience, which is often the wrong approach.
“What we try to do is focus on the character, the person, the attitude, the aptitude, not the skills and experience. he added.
ISC2 director Ed Parsons argued that recruiters also need to take more personal responsibility for job descriptions.
“We often rely on Human Resources to do this, but those job descriptions contain language that includes specific responsibilities and certification requirements that are exclusive or not really necessary. It’s very easy to be accidentally included,” he said. “This will result in many good candidates being filtered out by automated means.”
The interview process itself can also frustrate both job seekers and employers, Finch said.
“When we do recruiting activities at CIISec, we talk to individuals in groups of two or three, but rather than exposing them to tough sessions, we try to be very relaxed in order to get the most out of them. “I tend to do that,” she added. “That way, you get to know the person’s potential rather than getting ready-made answers to prepared questions.”
Finch argued that it might be a good idea to challenge the candidate before the interview to understand not only the candidate’s suitability but also how much they want the role.
