How upskilling can help beat the great talent shortage

Cybersecurity is feeling the talent squeeze 

Cyber has a numbers problem. Reported attacks are up 13% year on year, with ransomware rising even more steeply. In response, organisations around the world are bolstering their security, with over half looking to increase their headcount. 

But that’s hard to do in job market that’s stretched to breaking point. Austcyber notes a “severe shortage of job-ready cybersecurity workers”, and suggests that Australia will need nearly 17,000 more workers by 2026. 

Government measures pushing new technologies and fast-tracking skilled migrants should help, but may not offer much immediate relief to overstretched teams – or to CISOs who are spending countless hours scanning resumes and holding interviews, but failing to find the right candidate. As remote working and a rise in networked devices give hackers more vulnerabilities to exploit, the urgency to get cyber-ready boots on the ground has never been greater. How can businesses set up a team that’s up for the challenge? 

The answer may come from within 

Whether you’re looking to hire fresh graduates with IT degrees or established professionals with CISSP certification, many managers will default to the tried-and-tested approach of simply looking further and wider. But while fresh talent can be invaluable, ignoring in-house staff in favour of new faces isn’t necessarily the answer.  
 
For one thing, highly qualified candidates can lack practical skills. And in a constantly changing cybersecurity landscape, you can hire an individual whose certifications tick all today’s boxes, then find you have an entirely different cybersecurity problem just a few months later. 

The answer is to look for problem-solvers who are eager to learn, rather than looking for someone who ticks all the boxes. The key is to focus on competence rather than qualifications, and realise that the best candidate may already be on your payroll. 

Workers that already know their way around your workflows and understand the company culture are invaluable. Upskilling them, in which individuals are taught additional skills, can empower your team to step up to different roles and new challenges. 
 

Upskilling can help you build a future-proof team 

The tricky thing about cybersecurity talent, is that aptitude and attitude are just as important, if not more important, than hard skills. If you think about talent in these terms, you might realise you already have some diamonds-in-the-rough in your team already. Channel the enthusiasm of existing staff, whatever their role. Look for individuals who are particularly proactive and curious: IT staff who stay on top of the latest industry developments and are confident on multiple platforms are a great place to start.  
 
Find out what motivates them, and work with them to develop an upskilling plan. That may mean them joining online courses, attending webinars or signing up to professional organisations such as the Australian Information Security Association (AISA) or Australian Computer Society (ACS). 

Taking on additional tasks can help IT staff widen their field of knowledge and progress their careers. That will often involve deepening technical knowledge, or broadening skill sets. Team members whose project management is strong can be tasked with leading projects as a step towards a role in management. Those with strong people skills can be encouraged to run awareness training or present reports. Even if these shifts don’t lead into formal roles, by listening to staff and helping them develop you’ll increase their feelings of satisfaction and autonomy. And reducing your organisation’s churn will leave you with less new hires to make. 
 

Consider the wider culture and specific gaps 

These changes can form part of a wider cultural shift of putting cybersecurity at the heart not just of your team, but at your company. Building bridges and securing advocates in the rest of the business can reveal individuals who could move sideways, bringing a whole new set of business and behavioural skills to the department and helping bust silos. 

But while listening to and encouraging staff is crucial, upskilling isn’t just about personal development: it’s about filling gaps in your organisation and building cyber resilience. That means considering your organisation’s cybersecurity aims and taking an inventory of existing skills. Breaking down the skillsets and levels of expertise required in individual roles will help you build a wish list – some organisations use the results to build different persona types. Mapping employees’ current and potential skills will then indicate the gaps you have to fill, and the upskilling and reskilling journeys that might take you there. 
 

A combination of upskilling, AI and outsourcing can solve your talent shortage 

Upskilling can increase employee morale, boost retention and help you fill roles in-house. It may be augmented by other approaches: AI can take the strain out of monitoring, threat detection, analytics and more, while other cyber functions can be outsourced to service providers. In the short term, third-party assistance can support a developing team that’s not yet at full capacity, and in the longer term it can help your experts focus on business-critical tasks. Interns and young hires, meanwhile, can provide vital research, undertake basic tasks and offer homegrown talent that knows the ins and outs of your organisation.

None of this, of course, means you’ll never need a new hire. But by helping employees develop, upskilling can fill gaps in your team that you may struggle to fill in the current climate. 

When used alongside increased automation and judicious use of third-party security, upskilling and reskilling programs can do far more than that. By helping employees develop new skills, it can increase job satisfaction and create a team that’s flexible enough to respond to changing times: and if one thing is for certain in cybersecurity, it’s that tomorrow holds a new challenge.