The most recent ISC2 cyber workforce study found that the global cyber skills gap has increased 19% year-on-year and now sits at 4.8 million. Alongside a smaller hiring pool, tighter budgets and hiring freezes are adding fuel to the fire when it comes to leaders’ concerns over staffing. Leaders are also fighting a landscape of competitive salaries. And, once they have the right people in place, the business tasks them with cultivating a culture that encourages retention.
Because the CISO is the C-suite representative of the cyber security function, it is tempting to place the responsibility on them. But the reality is that they can’t do it alone, and organisations shouldn’t expect them to either. Building a workplace that hires and keeps hold of top cyber talent requires the tandem force of HR and CISOs.
The CISO is an important cultural role model
The truth is that CISOs – or heads of cyber departments – are under more pressure than ever, fulfilling an already challenging managerial role while experiencing tight financial and human resources. Over a quarter (37%) have faced budget cuts and 25% have experienced layoffs. On top of this, 74% say the threat landscape is the worst they’ve seen in five years.
Fundamentally, they do not have the bandwidth, or indeed necessarily all the right skillsets, to act as both the technical and people lead. That’s not to say they shouldn’t be in the thick of it with their team, though. They should. But their involvement should focus more on how they can be a strong, present role model for their team and lead from the top to maintain a healthy team culture. Having someone who leads by example is crucial for improving job satisfaction and increasing retention in an intense industry like cyber.
This could be as simple as championing a good work-life balance to empower their teams to protect their own time outside of work, especially in a career where the workforce often feels pressure to be ‘on’ 24/7. For example, they can give their team the flexibility to work outside the traditional 9-to-5 hours so that working parents can pick up their children from school.
Forming a close ally in HR to build team resiliency
With job satisfaction in cybersecurity down 4%, there is a need to improve working environments to protect employees from burnout and encourage top talent to stay. Creating a strong, trusted and inclusive team culture is one way that the CISO can do this. But they should also be forming a close allyship with HR and hiring managers to build further resiliency. In my experience, here are some of the key ways that these two functions can come together to build a robust cyber team:
Supporting teams with temporary resources
It can be a challenge to alleviate pressure on the team when budgets are constrained – or when there is a flat-out hiring freeze policy across the company.
However, the CISO and HR must take action so the team doesn’t suffer from burnout or low morale. They can work around hiring freezes and budget constraints with temporary contractual help.
Temporary cyber practitioners can be financed through a different “CapEx” budget rather than the permanent staff allocation, which saves companies costs such as national insurance and holiday pay.
Looking beyond traditional CVs when hiring
Hiring from a small talent pool and with competitive salaries is difficult.
That’s why it’s important for cyber and HR leaders not to overlook CVs that may not fit the traditional mould of what a cyber employee looks like. For example, this could mean opening up hiring cycles to be more accommodating to career changers with valuable transferable skills such as communication and teamwork, or to those from non-traditional cyber backgrounds, such as candidates without a degree in computer science.
Identifying appetite for cyber within the business
Leaders can look from within for potential talent to fill much-needed roles.
For example, individuals responsible for championing cyber best practices in other lines of business might be interested in a career change. Or if redundancies are on the table, it may be a way of keeping loyal staff with business knowledge within the company and cutting out lengthy external hiring processes.
The CISO and HR team can then work closely to reskill individuals in the technical and impact foundational skills they need.
Championing diversity of experiences and thinking
To tackle the dangers of cyber-attacks, HR must focus on breaking down barriers in cyber by promoting diversity in skills and backgrounds within their teams. This comes from taking different approaches to hiring.
This not only broadens the talent pool but also provides unique perspectives on how cyber threats impact different business areas, ultimately creating a more resilient cyber team and strengthening the organisation’s defences.
Final thoughts
The CISO must be a dynamic role model. They must drive team culture and values from the top down to foster an environment that motivates and engages their team. They must also collaborate closely with HR to recruit, train, and retain top talent, ensuring the cyber function is well-equipped to tackle the ever-evolving threat landscape.