Exploring innovative strategies to bridge cybersecurity skill shortages
Addressing the Cybersecurity Workforce Gap: Enterprises Evolve Hiring Practices
The cybersecurity industry is facing a significant workforce gap, with over 500,000 jobs unfilled in the U.S. alone by 2025 and worldwide deficits reaching nearly 4.8 million positions [1][3]. To combat this shortage, enterprises are adopting novel measures, focusing on non-traditional hiring practices and upskilling programs to build a more flexible and capable workforce.
Broadening the Talent Pool
In response to the pressing need for cybersecurity professionals, organizations are increasingly recruiting nontraditional candidates and those with transferable skills [2]. This approach expands the pool beyond typical cybersecurity grads or seasoned professionals, attracting talent from related fields or candidates who may lack formal cybersecurity backgrounds but possess relevant analytical or technical skills.
Some enterprises focus on entry-level hires and apprenticeships to combat the lack of early-career professionals, given that over 30% of organizations currently have no entry-level cybersecurity staff [3].
Upskilling and Cross-Skilling Programs
Cross-skilling has emerged as an innovative strategy, where employees are trained to handle complementary skills adjacent to their primary expertise, increasing workplace adaptability and operational resilience without necessarily transitioning to entirely new roles [4]. Training programs are designed to help existing employees expand their capabilities across multiple technologies and domains, reflecting the interconnectedness of modern cybersecurity tools and strategies. This approach supports creating cross-functional teams better equipped for today’s evolving threat landscape [4].
Given the rising complexity of cyber threats and a stalled workforce growth rate (0.1% year-over-year), many enterprises also invest heavily in continuous education and on-the-job training efforts to upgrade current cybersecurity personnel’s skills rapidly [3].
The ISACA report and the latest ISC2 Cybersecurity Workforce Study indicate that soft skills, including communication, are in high demand in the cybersecurity industry [1]. Security experts agree that the industry may need more novel measures to help fill the cybersecurity workforce gaps [2]. Clar Rosso, CEO of ISC2, does not see AI displacing the workforce but rather changing the types of jobs people do, emphasizing the need for non-technical competencies [1].
In an AI-driven world, there will be increased demand for skills related to the safe and ethical use of AI within organizations and risk management more broadly [1]. Enterprises recognize that traditional hiring alone cannot fix this gap; therefore, rethinking talent development through non-traditional routes and skill expansion is key to enhancing cybersecurity readiness [4].
Partnerships between business and government agencies that train people in cybersecurity are emerging, with organizations like Oracle supporting government initiatives in Singapore and providing a range of free training and certification programs [5]. Baybeck believes the collaborative approach is a win for everyone and can target where the skills gaps are most pronounced, particularly in cloud computing, security controls, coding skills, and DevOps [5].
In summary, enterprises are tackling the cybersecurity workforce gap by broadening hiring criteria beyond traditional candidates and by implementing cross-skilling and upskilling programs to create more versatile, effective security teams capable of adapting to rapidly evolving cyber threats [2][4][3]. Hiring managers may start to prioritize candidates with risk assessment, analysis, and management skills, as well as non-technical skills such as problem solving, curiosity, effective communication, critical thinking, and analytical thinking [1]. Organizations are recognizing different ways for candidates to prove their knowledge and skills, including hiring less experienced people who can continue building their skills while also becoming familiar with corporate culture and objectives [6].
- To effectively address the rising cybersecurity workforce gap, enterprises are expanding their hiring criteria, focusing on non-traditional candidates and those with transferable skills, particularly those with risk assessment, analysis, and management skills.
- In the rapidly evolving cybersecurity landscape, enterprises are prioritizing candidates with broader skillsets, including non-technical competencies such as problem-solving, communication, and critical thinking, in addition to upskilling their current workforce through cross-skilling and continuous education programs.
