Cultivating Cyber Talent
You may have heard the below phrases recently:
Many ‘freshly minted’ cyber grads often spend years of upskilling before landing their first security role. Why? Despite most cyber security degrees support the learning of critical analysis, problem-solving, communication, and investigation skills.These are insufficient to meet the demands of a contemporary cyber security role[2]. Michael Choeng, National Cyber and Tech risk leader at Crowe Australasia points out “Cyber technical theory may or may not be utilised in the industry – we need more emphasis on day-to-day skills. A lot of Cyber is psychology that goes into solution, it’s not only technical.”
But the problem doesn’t just lie within academia, it's systematic. Plugging in ‘entry-level roles in cyber’ into the usual job-seeking channels yields poor results. Jobs advertised ask for a minimum of x years proven experience. You’ve seen these before. Our present hiring methodology is rigid, particularly in our ignorance of how men and women view job advertisements differently.Identical job ads that used more masculine than feminine wording affected perceptions of gender diversity, job appeal, and anticipated belongingness but not of personal ability[3]. Additionally, there is a lack of feedback loops, where little to no constructive feedback is provided from Hiring Managers and candidates are being ghosted by recruiters. Couple these points together and you create a significant barrier.
Richard Atherton, CISO at Visy describes “The industry has a headcount shortage, not talent – We aren’t hiring enough from scratch, mostly its hiring for experience (“minimum x years”)”. Why is it so difficult to hire from scratch? From the view of leadership,the risk of an organization facing a cyber-attack outweighs the need for entry-level skill, which is why nearly all roles in cyber require x amount of 'proven experience'. To provide real value to an organisation, cyber graduates need practical day-to-day working knowledge. At present most aren’t equipped to provide this straight out of University or TAFE.
So yes, there are a few problems... what can, and should the industry do about it?
Look at hiring in a fresh way
One solution could be found in our Leaders IT business. Leaders IT is a subsidiary of Peoplebank and offers what’s called aCapacity Uplift Solution. This is a unique alternative to the “right-sizing” that usually accompanies an economic downturn. By utilising a candidate pool of highly talented, but not necessarily highly experienced candidates we offer a partnership with clients to co-develop successful candidates, through specialised training both formal (which can lead to professional qualification) and on-the-job mentoring. The client benefits by employing the best and brightest new talent as a “blank canvas” to shape into exactly what they need, whilst increasing capacity at a cost base lower than the traditional consulting model.
Additionally, here is some advice for our juniors trying to get into cyber roles
Daniel de Jager, Security Manager at Moula aptly describes the underlying issue with our graduates as not being able to “hack the barrier”. Daniel provides valuable insights for graduates to overcome this barrier. “Cyber grads need a portfolio of evidence that shows how they will demonstrate value.Github, online presence, blogs, papers, YouTube channel, discord servers, and slack groups are fantastic ways to learn and upskill.” Don’t stop once you have graduated, speak with professionals and learn what they work on daily. Forensics, Pentesting, Log Analysis, Malware, Data Science, Big Data, PLUG-IN – Know the vulnerabilities and exploit them. Start CODING, get this on your resume, and get noticed!
Automation is helpful but it won’t solve the problem. You can’t solve a process problem with a widget.Start investing now! To alleviate this issue companies, start considering implementing programs to augment and upskill their current workforce to meet future demand. We need to start developing a cultivating mentality of talent rather than looking for a ‘superstar’ to solve everything.
In conclusion, when we recognise the barriers, we can see that the issue has multiple dimensions:
All of which can be addressed in multiple ways:
- Addressing the above at the grassroots level
- Improving the hiring process
- Building more culturally and neurodiverse teams
- Maintaining a Cultivator vs Superman mindset
If you would like to hear more information, please get in touch!
Call Peoplebank on 03 8080 7200 or 1800 People (736 753)
[1] https://www.helpnetsecurity.com/2021/05/05/understaffed-cybersecurity-teams/
[3]https://gap.hks.harvard.edu/evidence-gendered-wording-job-advertisements-exists-and-sustains-gender-inequality
