According to the Cyber Security Talent Report from recruiting firm Hays — which surveyed more than 200 cyber security professionals and business leaders — 61% of respondents said it is “difficult or very difficult” to recruit cyber security talent while only one-half believed they are “capable” or “extremely capable” of developing and retaining cyber security talent.
“The need for cyber security professionals is far outpacing the number of qualified candidates and this will only continue to escalate with the increasing sophistication of threats to Australian and New Zealand businesses,” said Adam Shapley, managing director at Hays Information Technology.
“In a highly competitive market, organisations must also implement strategies to retain and develop their cyber security talent if they are to effectively overcome the cyber security skills shortage.”
“Employers realise they need to keep an open mind when writing their selection criteria and reviewing candidates. People with strong soft skills and a background in IT can be upskilled into cyber security,” he said.
Hays cites Nick Baty, chief security adviser, Ministry of Health New Zealand, as echoing a similar perspective in the report. “A lot of people think you need to have a technical background or an IT degree to work in the cyber security field,” he said.
“I didn’t come from a technical background with formal training, but I gained the skills and knowledge from the intelligent people around me.”
Hays said it also found that 56% of organisations access cyber security talent by upskilling existing IT staff.
And Hays notes that Peter Frochtenicht, national manager – Security and Compliance at NEC Australia, said in the report that when recruiting talent, he often upskills internal staff.
“I look for someone who is easy to manage, a self-starter that can do the job regardless of any industry certifications. If a person has a ‘can-do’ attitude, I know I can work with them and train them up very quickly,” Frochtenicht said.
In other findings the Hays survey reports that:
- Forty-eight percent said that their organisation’s cyber security team is insourced, while 40% utilise both insourced and outsourced talent.
- Half (52% and 54% respectively) of organisations surveyed believe they are ‘capable’ or ‘extremely capable’ of developing and retaining cyber security talent.
- Only 22% of organisations are collaborating with other organisations in industry training or development programmes to assist in overcoming the cyber security talent gap.
- Fifty-eight percent believe that support of management to deliver on cyber security initiatives is the most important factor when attracting cyber security professionals. This is followed by the offering of competitive or industry leading salary and benefits(43%) and the organisation being innovative and using the latest technologies (42%).