Meeting The Cyber Talent Challenge Head-On

Uploaded on 2019-02-14 in JOBS-Careers, FREE TO VIEW

In 2018 over a billion people were affected by data breaches. Even though we are merely weeks in to 2019, other major organisations have already suffered hacking and threats from cyber criminals, from Singapore Airlines to major government departments.

With a well-documented cyber-skills shortage in the UK, set to be compounded by Brexit in 2019 it is becoming increasingly difficult for organisations to hire the talent they need to protect themselves. What, then can HR professionals do to lead the recruitment, retainment and development of staff in cyber roles?

Attracting cyber-talent in 2019

To recruit talented cyber security staff in a candidate-driven market, organisations must demonstrate that they consider cyber security a board-level issue, and that they welcome innovation. Talented cyber professionals want to know they have the attention and support of seniors in these fast-paced and, often mentally taxing, roles.

It’s worth bearing in mind that the average security salary has increased by 6.3 percent compared to 2017, double the average UK growth of 2.9 percent. Financial reward is undoubtedly important in a competitive market but just as important will be how organisations demonstrate to candidates that they will be given opportunities to train and develop.

Cyber security candidates in particular are increasingly attracted by access to industry mentoring programmes, which HR can be instrumental in developing and driving. In this sector you cannot simply buy loyalty, and learning and development is where HR will be so important in the recruitment and retention of talent. 

Identifying the right roles to future-proof your organisation  

Cyber security is a constantly evolving sector, and in 2018 there were several roles gathering pace. The Security Awareness Manager being one such example; organisations are more widely adopting awareness programmes in response to GDPR or to improve security management.

This is leading to non-technical Awareness Manager roles growing from out of a side-line responsibility within the IT and compliance teams to an organisational wide role commanding impressive salaries.

In our latest salary survey, the greatest salary increase was claimed by the Security Awareness Manager. This role is responsible for security user awareness programmes within an organisation and is focused on behavioural and cultural change to drive better security practices within the workforce.

Pay jumped by 20 percent in just 12 months, with annual salaries sitting between £60- 90k on average. This huge increase reflects the growing cognisance of the number of cyber threats that target personnel and count on employees’ lack of awareness to succeed.

However, when it comes to cyber security job titles there are few firmly agreed descriptors in use. Without the standard industry terms enjoyed by more established disciplines, cyber related CV’s may not clearly specify skills that align with the job description, but that doesn’t mean the candidate doesn’t possess what’s required. In a climate of cyber-skills shortages, it will be increasingly important to demonstrate flexibility in hiring for cyber and look beyond the checklist.

As a developing sector HR must also keep pace with technological change that will demand new talent. For example, through 2019 we will see new roles emerge as technologies such as autonomous cars, connected medical devices and artificial intelligence boom.

These will demand very specific skill sets to ensure implementation is secure and safe. How will your HR teams support brand new roles, the likes of which will require supreme talent and board-level support to succeed?

Make 2019 a year of collaboration and diversification

With these challenges in mind, in 2019 hiring managers will need to work closely with IT and compliance colleagues, as well as the board and wider business to truly understand the organisation’s cyber requirements. Hiring processes must allow for subject matter experts to be closely involved and supported.

Equally, it must be HR’s role to ensure that assets such as adverts, job descriptions and candidate communication encourage those with diverse backgrounds or needs. HR must also be able to facilitate any workplace adjustments necessary to enable accessibility and safeguard employees. Whether race, gender or neuro diversity, cyber is a sector that demands different approaches and innovative thinking.   

Are we nearing the end of cyber talent shortages?

Unfortunately, not. The cyber security skills gap will likely take many more years to close and demand will continue to far outstrip supply. We are likely to see further difficulties during 2019 due to Brexit as it becomes harder for firms to hire international talent. The industry relies heavily on practitioners from around Europe and beyond, particularly in front line work  such as security analysis.

Stemming from this, outsourcing will become an even more prominent factor in security as organisations turn to external contractors to fill vacancies, and offerings such as Managed Security Services will become an essential part of the security strategy. HR will also have a crucial role to play in managing these outsourced relationships and ensuring value for money.

Nevertheless, HR can help to stop security costs spiraling by learning from the hiring strategies of some public bodies.  That focus more on internal development and upskilling for graduates and junior practitioners. Rather than offering increasingly high wages for senior professionals, HR should look at ways to help grow their own in-house capabilities without expending their budget on inflated salaries and contract rates.

The task for HR is to make sure the will, support and strategy is in place to build this culture of upskilling, and effectively communicate this strategy of staff development to potential recruits, and to their leaders.

HR News:

You Might Also Read:

UK Launches Long-Awaited Cyber Skills Strategy:

 

« Military Cyber Training Methods
Cyber Insurance Risks Are Moving Too Fast For Underwriters »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Synology

Synology

Synology provides high-performance, reliable, and secure Network Attached Storage (NAS) products.

AA Certification (AAC)

AA Certification (AAC)

AAC provide ISO Quality Management System certification services including ISO 27001.

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer SIT is a research centre specialising in all areas of IT security.

Sysmosoft

Sysmosoft

Sysmosoft specializes in providing highly secured telecommunication solutions for mobile devices for companies requiring protected access to sensitive data remotely.

Cyber Resilient Energy Delivery Consortium (CREDC)

Cyber Resilient Energy Delivery Consortium (CREDC)

CREDC performs multidisciplinary R&D in support of the Energy Sector Control Systems Working Group’s Roadmap of resilient Energy Delivery Systems (EDS).

Cybint Solutions

Cybint Solutions

Cybint provides customized cyber education and training solutions for Higher Education, Companies and Government.

HorizonIQ

HorizonIQ

HorizonIQ (formerly Internap Corp / INAP) maximizes efficiency and innovation with flexible infrastructure solutions.

Bl4ckswan

Bl4ckswan

Bl4ckswan is a Management Consulting firm specialized in the delivery of information security and compliance services.

Arkose Labs

Arkose Labs

Arkose Labs' Fraud and Abuse Platform combines Telemetry and adaptive Enforcement Challenges to break down the ROI of fraudsters and protect digital businesses.

Network Center Inc (NCI)

Network Center Inc (NCI)

NCI is one of the largest IT solution providers in the Midwest. We specialize in industry specific technology solutions, service, support, and expertise for small to enterprise businesses.

LiveAction

LiveAction

LiveAction provides end-to-end visibility of network and application performance from a single pane of glass.

du

du

du is a telecommunications service provider providing UAE businesses with a vast range of ICT and managed services.

Alpha Mountain AI (alphaMountain)

Alpha Mountain AI (alphaMountain)

alphaMountain provides up-to-date domain and IP intelligence for cybersecurity investigational and protection platforms.

Altospam

Altospam

Altospam is a full service corporate email protection, integrating multiple security levels for your emails.

Somerville

Somerville

Somerville are a full service IT partner with over 40 years experience delivering exceptional service and value to our customers.

ClearFocus Technologies

ClearFocus Technologies

ClearFocus Technologies provides advanced cybersecurity services that secure our nation’s most sensitive assets.