The Cyber Security Talent Report from Hays has found two of the top five cyber security challenges organisations face trace back to the acute cyber security talent gap. Those challenges are: a lack of in-house expertise and difficulty finding the right talent. The finding comes from a survey of over 200 cyber security professionals and business leaders.
The survey also found that 61 per cent of respondents said it is ‘difficult’ or ‘very difficult’ to recruit cyber security talent while only one-half believe they are ‘capable’ or ‘extremely capable’ of developing and retaining cyber security talent.
“The need for cyber security professionals is far outpacing the number of qualified candidates and this will only continue to escalate with the increasing sophistication of threats to Australian and New Zealand businesses,” says Adam Shapley, managing director at Hays Information Technology. “In a highly competitive market, organisations must also implement strategies to retain and develop their cyber security talent if they are to effectively overcome the cyber security skills shortage.”
The good news is that the talent shortage has created strong job opportunities for those interested in pursuing a career in the industry, and job seekers do not necessarily need to possess highly technical skills to be successful.
“Employers realise they need to keep an open mind when writing their selection criteria and reviewing candidates. People with strong soft skills and a background in IT can be upskilled into cyber security,” says Adam.
Nick Baty, chief security advisor, Ministry of Health New Zealand echoes a similar perspective in the report. “A lot of people think you need to have a technical background or an IT degree to work in the cyber security field,” he says.“I didn’t come from a technical background with formal training, but I gained the skills and knowledge from the intelligent people around me.”
Hays also found that 56 per cent of organisations access cyber security talent by upskilling existing IT staff. Peter Frochtenicht, national manager – security and compliance at NEC Australia, says in the report that when recruiting talent, he often upskills internal staff. Peter says, “I look for someone who is easy to manage, a self-starter that can do the job regardless of any industry certifications. If a person has a ‘can-do’ attitude, I know I can work with them and train them up very quickly.”
In other findings:
- 48 per cent said that their organisation’s cyber security team is insourced, while 40 per cent utilise both insourced and outsourced talent
- One-half (52 per cent and 54 per cent respectively) of organisations surveyed believe they are ‘capable’ or ‘extremely capable’ of developing and retaining cyber security talent
- Only 22 per cent of organisations are collaborating with other organisations in industry training or development programmes to assist in overcoming the cyber security talent gap
- 58 per cent believe that support of management to deliver on cyber security initiatives is the most important factor when attracting cyber security professionals. This is followed by the offering of competitive or industry leading salary and benefits (43 per cent) and the organisation being innovative and using the latest technologies (42 per cent)