Dr Andrea Cullen is CEO and Co-Founder of CAPSLOCK.
Andrea has worked in cyber for almost 20 years in a number of roles, the most recent of which is as a Co-founder of CAPSLOCK, an award-winning company that reskills adults into cyber professionals. She previously worked as a senior academic; co-authoring and delivering a GCHQ-certified Masters cyber security degree and publishing extensively in the area of computer science and cyber security. She has also spent time in industry working as a cyber consultant to public and private sector organisations. She was recently granted full membership to the Chartered Institute of Information Security and is passionate about helping the cyber industry become a more diverse place to learn and work.
Last year one of the greatest developments cyber leaders faced was that of GenAI.
This technology has impressive capabilities and can be a real asset to cyber teams. However, it can also pose one of the biggest threats in the cyber landscape.
As a new year begins, cyber leaders must prepare themselves for the challenges of a threat landscape made all the more complex with the danger of deepfakes, self-replicating AI worms and more. But in a challenging industry to hire for with a global workforce gap of 4.8 million professionals, how do leaders get the right talent to secure their businesses?
Leaders mustn’t fall into the trap of hiring solely on certification. Valuing diversity at the core of hiring practice will mean hiring managers can find the most passionate cyber talent, with strong transferrable skills and an eagerness to learn.
Quickfire solution for the skills gap
One of the challenges CISOs and CSOs find when trying to bolster the headcount of their teams is the lack of budget to bring on permanent hires. Only 5.7% of the IT annual budget goes towards cybersecurity but security leaders may still find themselves needing extra help during one-off projects or hiring cycle freezes. In this scenario, CISOs and CSOs can hire certified cybersecurity contractors for these vacancies temporarily.
During economic uncertainty taking on temporary hires gives cyber leaders the opportunity to take on help from junior to senior level with a range of general or specialist skills without having the financial worry of having to budget for recruitment fees, national insurance, pension and holiday pay. This is because leaders agree to a fixed daily rate, so can secure expertise even during periods of tighter budgets.
But taking on temporary contractual hires isn’t just a short-term solution. By bringing new talent into the team temporarily, hiring managers can foster a network of strong talent. When it comes to making permanent hires again, this means they can simply tap into a pool of cyber professionals with existing skills and business knowledge of their organisation. This can set teams up for success in the future when making hires in a challenging hiring market.
Looking for talent within
While building an external talent network is a great way for cyber hiring managers to alleviate stress on the team, they shouldn’t overlook talent which could be closer to home. Cyber is an industry where transferrable impact skills are often the most valuable. Technical skills can always be taught, but teamwork and communication for example are vital to a good cyber professional and often acquired by those working in totally different business functions. With this in mind, one option that can prove incredibly valuable is reskilling existing talent within an organisation and rehoming them in the cyber team. One of the most striking benefits of this is that you can preserve talent and business knowledge by avoiding layoffs.
BT did just this and reskilled 30 employees in 16 weeks from roles across the company into cyber, their fastest-growing business area. Not only did this mean that the new recruits were passionate and willing to learn about cyber, they had diverse thinking and unique experience from their former careers.
Securing the future of cyber with diversity
One of the biggest barriers to reducing the skills gap in cyber is the industry’s lack of diversity. Women, for example, make up only 17% of all cyber workers, while only 15% are from ethnic minorities. This means that a huge percentage of the population are cut out of the cyber industry, and valuable talent is left untapped.
I have been in the industry for 30 years and seen how challenging getting a foot in the door is. Hiring managers often require a university background and extensive experience just for entry-level jobs and will favour those with a technical background, neglecting impact skills.
In the age of AI-enabled hackers, diversity of background and skills is vital for teams to have the expertise to think like threat actors and stay one step ahead. In order to build this more diverse talent pool hiring managers need to focus on strategies to build diverse talent networks and bring in role models who can pave the way for more talented individuals from underrepresented backgrounds to break into the industry.
Widening opportunity to close the skills gap
Making the hiring process more inclusive to those without a traditional cybersecurity background is vital to closing the skills gap. With such a large segment of the population currently underrepresented in cyber, hiring managers are truly missing out on some of the best talent available.
By taking on short-term contractual support and reskilling for the long term, CISOs and CSOs can strengthen the cyber function within their organisations. Taking on short-term contractual hires can become future permanent hires, while reskillers from other areas of the business can preserve valuable business knowledge. Ultimately, this means CISOs and CSOs can widen opportunities for gaining experience within the sector while building their own networks of talent for the future security of their cyber function.
There’s a long road to increasing diversity within the UK cyber industry but beginning by integrating diversity in the hiring process is the best way to lay strong foundations for the future.
