Cyber security talent

Cybersecurity Talent Shortage in North America: Bridging the Gap

Andrew Zola
Andrew Zola on Linkedin

Around the world, cyber attacks are on the rise, and it’s now one of the leading threats for enterprises. There is also growing rhetoric within government agencies that the risk of sponsored cyber attacks on national and international infrastructure could lead to economic chaos. 

According to research, a large-scale attack would lead to both direct and indirect damages. For example, direct damages can be the destruction of critical assets like utilities and infrastructure. Such a malware attack could lead to a (direct) loss of $243 billion to $1 trillion. The indirect costs would include losses incurred by the insurance industry which could add up to as much as $71.1 billion.

While governments and business leaders in North America are aware of the need for top tech talent, the tech industry is faced with an enormous problem regarding supply and demand.

According to Cybersecurity Ventures, there are approximately 350,000 open cybersecurity positions in the US alone. By 2021, the company forecasts as much as 3.5 million vacant cybersecurity posts (up from one million in 2016).

What Caused the Talent Gap?

A recent survey conducted by Booz Allen Hamilton found that almost 72% of firms found it difficult to identify and hire top cybersecurity talent. This means a significant number of companies are struggling to better secure their digital assets.

So how did we end up here?

1. Digital Transformation

In recent years, businesses across industries have gone through a digital transformation. This means that technology is now at the heart of all enterprise operations which makes it more vulnerable than ever before to a cyber attack.

At the same time, there has also been an increase in cyber attacks that make the headlines. This reminds business leaders and reaffirms the urgent need for security professionals with the right skills, talent, and experience.

2. Lack of Cybersecurity Training

For decades, there was also significant under-investment in security training and education. As a result, when cybersecurity experts retire, there’s no one else who could come in and successfully replace them.

Enterprises also have to deal with an increase in exposure to risk that’s a direct result of the human element. For example, it’s common for individuals to create a myriad of different accounts that increase the likelihood of error (which can potentially be exploited by bad actors).

Every on-premise server will also have a complex set of configurations, so one small mistake can quickly lead to devastating consequences.

As a result, it makes sense that exponential growth in vulnerabilities will also demand a corresponding increase in manpower to help secure enterprise infrastructure.

Bridging the Talent Gap

So how do we solve the talent gap issue? 

1. Poach Security Professionals

In the short-term, you can solve this problem by throwing money at it. Businesses in Canada, the US, and Mexico can compete for top security talent by dangling the six-figure carrot.

However, with the average annual salary for cybersecurity specialists in the region of $107,433 (as of Oct 31, 2018), not everyone can compete.

Even if you have the necessary resources to poach highly skilled security talent from your competition, you’ll also be faced with the challenging task of holding on to them.

I mean, let’s face it, there’s always going to be another company who can afford to pay them more money. So if they jumped ship and joined your organization for a better paycheck, they’ll probably do the same when the next (best) offer comes along.

2. Invest in Your Employees

Enterprises can also take a long-term approach to cyber security by investing in their employees. For example, you can pay for your IT talent to go back to university, take online courses, or attend bootcamps to upskill or reskill in this discipline.

However, this doesn’t mean that you should only offer your IT team this opportunity. Instead, it should be available to anyone who has an interest in cybersecurity. This approach will also help build loyalty, so you’ll be better placed to hold on to them (when someone comes along and offers them a lucrative package).

To build and nurture loyalty, you also have to create an environment that keeps staff challenged and happy. For example, you can offer remote working opportunities or create incentives that will help differentiate your business.

For the most part, top tech talent appreciates companies that offer opportunities to grow and advance their careers, so investing in them will go a long way to help retain them.

3. Hire Entry-Level Candidates

While hiring young people fresh out of college may not be everyone’s first choice, recruiting inexperienced but passionate entry-level tech talent can pay off. Once you get them in through the door, you can work on upskilling them over time and nurture the security specialists your business will desperately need in the future.

A great way to identify and attract these candidates will be at tech-related meetups, workshops, and hackathons. This approach will ensure that you only recruit individuals with interest in learning (and justify your investment in them).

Internships are another way to identify potential cybersecurity candidates who can blossom into expert security specialists.

4. Outsource Cybersecurity

When you need to better secure your IT infrastructure and don’t have the necessary resources to compete in the job market, outsourcing can be a viable option that can solve this problem both in the short- and long-term.

At Digi117, we have helped companies across North America nearshore (in Canada) or offshore (in Ukraine, Mexico) their cybersecurity protocols successfully while not breaking the bank. For example, we have assisted numerous businesses seamlessly access top security talent from Eastern Europe, Israel, and North America.

In fact, we have helped businesses across industries conduct security audits, identify and eliminate vulnerabilities, engage in penetration testing, and hold cybersecurity workshops to successfully reduce risk and maintain compliance.

In the fourth industrial revolution, technology has also enabled us to seamlessly collaborate across continents, so distance is no longer a significant issue. However, there will be a difference when it comes nearshoring and offshoring when you compare costs.

The best solution for your business will depend on your specific needs. Going forward, you might have to take a mixed approach to effectively meet both your long-term and short-term security goals.

Is your company struggling to fill vacant cybersecurity positions or need a security audit? We can help: reach out to Digi117 now!