As the use of technology continues to grow, it creates new benefits and opportunities for all of us — from simplifying repetitive tasks to enabling new ways of connecting, learning and working, the benefits are endless. However, with that growth comes technological risk and an even greater need to be cyber-resilient. As software continues to advance each year, so do the hacking software and prowess of global cybercriminals. Recently, we’ve seen artificial intelligence (AI) technology (e.g., ChatGPT, Bard, etc.) burst onto the scene and floor millions with its capabilities. At the same time, global cyberattacks increased by a whopping 38%. The effects are costly, with cybercrime estimated to cost businesses over $8 trillion this year alone, with that annual figure expected to surpass $10 trillion by 2025.
Rethinking Qualifications and Models
With cybercrime rates increasing and outpacing the supply of new industry talent, leaders need to reconsider how they define who is truly “qualified” for an entry-level position. At Cengage Group, our 2022 employability report found that 57% of tech employers are unlikely to even consider a candidate who lacks an industry-specific bachelor’s degree. Unfortunately, colleges and universities are not pumping out cybersecurity graduates fast enough. And even those candidates with a cybersecurity bachelor’s degree are finding that entry-level roles also require 3-5 years of experience. There is clearly a misunderstanding of the talent pool. Tech and cybersecurity leaders are struggling to grasp the idea that a degree in cybersecurity or technology is not necessary for a successful career in the space.
In cybersecurity, there is greater demand for talent in more senior roles than in other industries. Meeting this demand requires information technology (IT) leaders to think differently about hiring and consider creating more on-ramps and pathways into those high-demand roles so that they can more easily and actively pull talent up the organization.
Leaders should reconceptualize the characteristics they look for in entry-level candidates and opt for a skills-based approach to hiring — one where skills speak more than degrees. Employers should think hard about the core skills necessary for a particular role and work to find candidates who have verifiable skills — and then provide the ability to fill in any gaps with training. Beyond reframing employment requirements, employers should recognize that they must play a bigger role in developing entry-level talent. From recruiting to training and verifying talent and eventually placing and managing talent, there is a lot for an employer to manage. Outside intermediaries can help with recruitment, training, working with local colleges and workforce organizations and even providing post-hire support to ensure candidates remain successful in their roles. Often, this approach is actually more cost-effective than recruiting already trained talent from the open market.
The Apprenticeship Advantage
From July through November of 2022, the Biden administration sponsored a 120-day cybersecurity apprenticeship sprint to help combat the talent shortage and raise awareness for the efficacy of apprenticeship programs. The numbers don’t lie: The initiative saw 7,000 participating apprentices placed into full-time cybersecurity roles with employers like IBM, McDonald’s, Boeing and more. Apprenticeship programs are a true win-win for employers and workers.
For employers, apprenticeship programs are a way to train and trial an employee. These alternative models remove the risk in hiring both for the employer and the candidate. At the end of the program, the employer will either know that the apprentice isn’t a great fit for their organization, or they will have a fully trained, hirable employee that they’ve already built a solid relationship with. For workers, apprenticeships are an opportunity to “learn while you earn,” and gain the skills and experience necessary for full-time cybersecurity employment and the connection to a potential position. Best of all, apprenticeships produce hirable talent in months, not years.
However, the employer’s role in cybersecurity training shouldn’t start and end with apprenticeships.
Continuous Upskilling
As the tactics and tools of cybercriminals continue to evolve, so should the skill sets and tools of cybersecurity professionals. Continual access to upskilling is not just a nice-to-have, it’s a must-have for cybersecurity staff. Not only does access to ongoing training keep an organization safe, but it also shows employees that you are invested in them and their personal success. In recent Cengage Group research conducted on The Great Resignation, we found that a top reason employees left jobs was because they were no longer growing in their careers. Meanwhile, according to the same study, 66% of resigners said access to employer-paid upskilling and training was an important factor in taking a new job. IT leaders need to demonstrate a commitment to continuously re-equipping and upskilling their cybersecurity workforce, otherwise, talent could exit as quickly as it comes in. This may mean closer coordination with leaders in human resources and outside intermediaries who can help organizations with upskilling programs and ongoing talent needs.
Cybercrime is inevitable, and bad actors will come up with new scams and new technology to wreak havoc. However, if business leaders can reimagine the talent acquisition and development process; adopt a skills-based approach to hiring; offer apprenticeships or partner with intermediaries who can help recruit, train, vet and place candidates; and commit themselves to continuous cyber upskilling, they can bolster the skills and ranks of their cybersecurity teams and ultimately mount a more formidable response to growing threats.
As we embrace the benefits of technology in our lives, we need to think about the cyber risks and ensure our front line of defense is both well-staffed and well-trained.
