A look at the cyber security talent gap. We ponder some of the solutions to the growing demand for companies to keep their digital domains safe.

Data breaches have serious consequences. Whether you’re a government organisation, a major international corporation, or even a tech giant like Yahoo or Facebook, no one seems safe from the threats lurking in cyberspace. Of course, not all data breaches will make national headlines, but they still have a severe impact on the organisations involved. Scarcely a week goes by without news of another major hack or data loss, resulting in lawsuits, reputation damage, loss of confidence and fines that can run into the hundreds of millions.

The quest for the security skills holy grail

As our world increasingly revolves around technology, data and the internet, the question of how we keep this data safe and secure is becoming more and more important. However, the answers to those questions are getting harder and harder to find. Most companies find recruiting and hiring the talented cybersecurity professionals they need to be a highly challenging task, with such skills now in huge demand. Industry headlines such as ‘Is the Cybersecurity Skills Shortage Getting Worse?’ ‘The Cybersecurity Skills Shortage is getting worse’ and ‘The Cybersecurity Talent Gap is now a National Crisis’ paint a bleak and alarming picture. Meanwhile, between half and two-thirds of organisations are reporting a problematic shortage of cybersecurity specialists, whilst some estimates suggest that there may be up to 3.5 million unfilled positions in the industry by 2021. Just to make matters worse, it’s not just the people themselves that are in short supply, but also certain skills within the profession. Some organisations that have skilled cybersecurity staff still report shortages when it comes to advanced skills like cloud security, threat intelligence and security investigations. So even if you find the ‘Holy Grail’ and manage to hire a talented cybersecurity professional, your problems still might not be over.

The cold, hard truth is that the people we’re looking for just don’t exist – certainly not in anything like the numbers that we need. At the moment, we’re trying to find individuals who, amongst other things, are experts in very specific technical skills, have the imagination to think of new threats that may emerge, are collaborative, have great management and analytical skills, the adaptability to respond to a rapidly changing threat landscape and have a passion for constant learning and self-improvement. As one recent article notes:

"the quickest solution would be for one person to be able to do the work of five."

The obvious problem is that these sorts of people are rare – where they exist at all – and this will probably always be the case. It simply isn’t realistic to base our response to this threat on looking for them, and it may be a mistake even to try. Indeed, as the team at Forbes have argued:

"Considering how rapidly the technology and cybersecurity landscapes are evolving, it is impossible for one person, one team and even one organization to keep up with every change."

Could collaboration be the key?

So what is the answer? Well, we need to think very differently about how we hire and recruit to meet this challenge. For one thing, it may not be just about hiring new staff. There is now so much education and training available outside the classroom that some experts believe we should look within our companies for the answer, and upskill our existing workers to help meet the demand. If we do decide we need to bring people in, then we need to think a bit more broadly about the skills we want them to have, and be prepared to be flexible about specific qualifications. It has been estimated that about 30 per cent of cybersecurity professionals did not have an IT background when they came to the field. So, given the necessary technical skills can be learnt, if someone is "smart, collaborative and likes to solve problems it might make sense to consider their potential." Other suggestions include working with other companies and organisations, or ‘dipping into’ the vast pool of ‘ethical hackers’ who won’t be hired into traditional full-time roles, but who we can collaborate with through online platforms to supplement the work of our own security teams.

The key thing here – which underpins all of these possible solutions – is collaboration. Above all we need to start working together, and thinking cooperatively if we’re going to meet this challenge. We need to stop thinking of cybersecurity as the responsibility of a few people, designated to a specific individual or even team. Instead it must be seen holistically – as the responsibility of everyone within our organisation, as something to be embedded within our culture. This requires a big culture shift. We’re used to working as individuals – whether as people or as organisations – in competition with each other to gain an advantage in the market. But this thinking may be outdated for the digital age. Instead, when it comes to cybersecurity, it may be better to think of the internet not as a competitive market-place, but as part of a ‘digital commons’ that we all share and are all responsible for. It won’t be easy, but there’s no use in clinging to yesterday’s answers if we want to tackle the challenges of tomorrow.

Author -David Selway

Sign up to our bi-monthly newsletter for more insights, news, light reads and trends from the team here.


  • Humdex

It's time increase focus on those durable skills that create & support an agile business.

Desklodge Bristol office share space

Are we on the brink of a skills crisis?

A recent article from the team at Randstad has tackled this perennial question, asking: are young people developing the right skills they need for employment?

In the piece, written to mark the United Nations’ World Youth Skills Day, they note that as many as 48% of young people believe that they haven’t been taught the skills that will be needed in the workplace. Meanwhile, on the other side of the hiring line, employers are often struggling to find the right people, particularly in STEM areas, where as many as 46% are struggling to fill such roles. Skills such as problem solving, creativity, communicating effectively and making the most out of the work environment have been identified by businesses as the key entry-level skills that applicants will need in ten years’ time, and...

“...it’s crucial that we teach the younger generation what they need to know.”

These are, of course, age-old questions, but they are ones that have been given a fresh urgency and importance by recent technological changes.

The changing concept of what work is

Automation and artificial intelligence are transforming the workplace, with some jobs disappearing, whilst other, wholly new roles emerge. In particular, the types of skills that employers need is also changing. At Deloitte’s ‘Center for the Edge’, some recent discussions have been focusing on these shifts, and arguing that we need to rethink our very concept of what work is in order to adapt. Rather than thinking about a skill as being the ability to accomplish a particular task, or to operate a particular system or piece of machinery, we need to think more broadly.

“What increasingly matters…are things like curiosity, imagination, creativity, emotional intelligence, social intelligence. Those are things that are essential to addressing unseen problems and opportunities in any environment. ”

Others agree. According to Jeremy Auger – co-founder of D2L – the average lifespan of a tech skill is now just 18 months. Things like creativity and adaptability on the other hand, are ‘durable’, and can be taken anywhere. But how do we equip young people with the creativity, curiosity and adaptability they will need in the future workplace?

Is AI automation the answer?

The good news, perhaps, is that there may be far more of these ‘skills’ out there than we might think. According to the ‘Center for the Edge’, we need to stop thinking about things like imagination and creativity as abilities that only some people possess:

We all have it as humans. The issue is that for many of us, if not most of us, it got crushed, first in schools and then the work environment…but they're still there…if given the right environment and the right encouragement.

Perhaps the bigger question, then, is not a shortage of such abilities, but how do employers find and nurture them? For some, it is the technology that is driving these changes – artificial intelligence – which also has the answers. According to one report, 38 percent of companies already use AI in hiring and recruiting, whilst 62 percent expect to do so by the end of this year. But skills like creativity and imagination have become so important precisely because they cannot be automated, or replicated easily by machines. If AI doesn’t have these capabilities, how effective will it be at recognising them in people?

Creativity, imagination and adaptability

Whilst it may provide part of the answer, AI is unlikely to be the solution on its own. We, ourselves, as humans, need to get better at recognising these ‘durable’ skills, and nurturing them in our workforces. One solution might be to try to think more broadly about what skills young people might have – realising that these might be demonstrated in unusual ways that we’re not used to. Another might be to look within the company, and try to nurture and encourage these capabilities in workers who are already with us. Ultimately, the strategies that employers and recruiters will need will depend on humans and our ability to think in depth about people. If we want skills like creativity, imagination and adaptability in our workforces, we need to start showing them in our hiring practices.


Author -David Selway

Sign up to our bi-monthly newsletter for more insights, news, light reads and trends from the team here.


Letter blk.png

Sign up to our bi-monthly newsletter for more insights, news, light reads and trends from the team