Tips for addressing the cybersecurity skills gap

Sept. 8, 2023
Organizations need to focus on culture, upskilling and reskilling to close the cybersecurity talent gap.

According to the World Economic Forum, 3.4 million cybersecurity experts are needed to support the global economy, but organizations are struggling to fill that gap.

It is an environment where risks are on the rise both because of the continued nefarious actions of bad actors seeking to breach systems and steal company and customer data, and because of the rapid increase in remote work.

Cyber talent is in high demand but in short supply. What are organizations to do?

Organizations Have Options

There are two options available to organizations seeking to close the cybersecurity talent gap:

  • Recruit talent
  • Upskill and reskill existing talent

Both, in combination, can help organizations maintain bench strength in this critical area. But they must have the right culture to attract and retain such talent; support a robust training and development program to keep cyber talent pipelines strong; and provide open and transparent access to communication and resources.

A Supportive Culture

Employees with cybersecurity backgrounds and skills have the upper hand when it comes to choosing where to work—and whether to stay on the job. They have other options, and they will choose them if they find their current work culture is not supportive.

Today’s workers want flexibility—the kind of flexibility that many became used to during the pandemic. This type of work can be done from anywhere, so flexibility is an option—and cyber talent knows it.

Robust Training and Development

Employees will always identify opportunities to learn and grow as a top driver of a great work culture.

Training opportunities can and should take a variety of forms to meet varying employee needs and interests. This can range from traditional training in face-to-face settings with coaching, to on-demand training available asynchronously. Training might involve:

  • Reimbursement for taking night classes at colleges—or online.
  • On-demand training webinars.
  • Micro-learning—small bites of learning that can be accessed from anywhere, anytime.
  • Train-the-trainer—offering employees the opportunity to learn and then train others, which can be a great way to ensure knowledge transfer.

Because technology and cybersecurity are frequently changing, it is also important to provide employees with opportunities to participate in trade and professional organizations that can help them stay abreast of new developments, build networks, and attend in-person and online sessions.

A strategic focus on training and development offers opportunities to upskill and reskill existing staff to create and maintain a pipeline of talent to fill open positions. In addition to traditional training, these efforts should include development opportunities that might involve shadowing other employees, taking on stretch assignments, or serving on teams and committees to provide exposure and experience in cybersecurity.

Open and Transparent Communication

Keeping lines of communication open between employees is critical to supporting a strong culture and to remaining aware of issues and needs among not only cyber employees but all employees. Understanding which employees might be interested in developing skills in this area can help feed your pipeline. Understanding the needs, concerns, and areas of interest of those already working in cybersecurity can help minimize dissatisfaction, lack of engagement, and turnover.

Direct supervisors and managers are the first line of defense here, but they’re not the only members of the organization who need to participate in ongoing and transparent communication. IT and organizational leaders, as well as HR and learning and development staff, also need to stay in touch with employees to understand their changing needs and interests.

Despite all these efforts, of course, there will be times when the organization will need to turn outside for talent to help address cybersecurity needs. Having a strong culture, learning opportunities, and open communication will help here. But those important points need to be communicated and recruiters need to think creatively about how to attract and retain this talent.

Review Acquisition Materials

If you have not reviewed your talent acquisition communication materials lately, now would be a suitable time to start, with a special focus on the messages that external cyber talent may be seeking.

  • Does your website clearly convey your strong culture and support for cyber talent?
  • Do your recruitment materials refer to that culture, ample learning and development opportunities, and how the company stays alert to top technology and cyber trends?
  • Are you exploring non-traditional recruitment channels to identify talent—LinkedIn Groups frequented by security professionals, university programs, specialized publications, etc.?
  • Are you leveraging your existing cybersecurity talent in your search efforts? Their network is likely to include potential employees, and referrals remain a strong way to find qualified talent that is likely to be productive and loyal.

The demand for cyber talent isn’t going away anytime soon. Companies of all types and sizes need to proactively take steps to strategically focus on culture, upskilling and reskilling, and recruitment to retain their bench strength in this area.

About the Author: Ani Banerjee is Chief Human Resources Officer for KnowBe4, provider of the world's largest security awareness training and simulated phishing platform used by 60,000 organizations. Banerjee oversees human resources operations across 11 countries and is responsible for developing new initiatives to enhance the company's organizational culture, recruitment channels, and diversity, inclusion, and equity (DIE) strategies. He has 30 years' experience in global HR leadership roles working for VMware, Dell, Yahoo, and AOL.