Strategies for funding cybersecurity training and education to bridge the professional skills shortage in the cybersecurity field
In a bid to address the growing cybersecurity professional gap, leaders from various companies and organizations are adopting a multi-dimensional approach to attract and retain qualified cybersecurity workers. This approach goes beyond offering high salaries and emphasizing technical skills; it focuses on culture, work-life balance, leadership, flexible work policies, skills development, and diversity.
MK Palmore, Director in the Office of CISO at Google Cloud, believes that through public and private collaborations, leaders can make a significant dent in the cybersecurity professional gap. Palmore emphasizes the need for intentional action to solve the issue, stating that the industry needs to put its action where its mouth is.
The Cybersecurity and Infrastructure Security Agency (CISA) is one such organization that has changed its recruitment strategies to attract cyber talent. CISA has hired over 1,300 new people since its 2021 recruitment shift, and encourages anyone interested to apply, regardless of their location in the country or whether they have a college degree.
CISA has also focused on increasing salaries and cutting red tape as part of its recruitment process change. However, the agency recognizes that the cybersecurity professional gap cannot be entirely closed within 10 years, with an estimated 3.4 million more cybersecurity workers needed to fill the current talent gap.
Companies are using a variety of strategies to attract and retain qualified cybersecurity workers. Flexible work arrangements, such as offering hybrid models, remote work options where security allows, and transparent return-to-office policies, help accommodate workforce preferences and increase retention despite security-related restrictions.
Employee growth and upskilling are also key strategies. Companies are designing tailored career development programs, internal training, and apprenticeship schemes to foster continuous learning and engagement. Burnout reduction and resilience initiatives, like part-time roles, dedicated “unplugged days” without meetings or alerts, and prioritizing employee wellbeing, directly address stress and fatigue, major reasons for attrition.
Leadership and engagement are also crucial. Enhanced leadership coaching, with a focus on employee engagement and recognition programs, improves job satisfaction and reduces turnover. Broadening recruitment channels and diversity is another important strategy. Expanding recruitment beyond traditional sources to include neurodiverse candidates, women, military veterans, and other underrepresented groups builds a more diverse and resilient talent pipeline.
Partnerships with educational institutions through internships, mentorships, and course development create pipelines of qualified future workers. Employing AI-assisted recruitment to reduce bias and improve candidate matching helps attract diverse, capable candidates. Finally, treating retention as a core leadership performance indicator, not just an HR metric, emphasizes the strategic importance of keeping cybersecurity talent.
Jen Easterly, CISA Director, wrote about building a culture to attract and retain elite talent in an August blog post. Alex Michaels, Principal Analyst at Gartner, emphasized that employers are looking for qualities beyond just skills, such as business acumen, digital dexterity, agility, and interpersonal skills. Michaels also suggests anonymizing parts of the recruitment process to eliminate affinity bias.
Palmore recommends offering jobs in locations where diverse candidates are, rather than only in traditional tech hubs. Job descriptions for cybersecurity professionals can focus too heavily on specific markers of education and certification, which can exclude potential candidates. By adopting these strategies, companies and organizations can build a sustainable cybersecurity workforce that addresses job satisfaction, personal growth, work environment adaptability, and inclusive recruitment, thereby enhancing retention beyond just financial incentives and technical qualifications.
- MK Palmore suggests that through collaborations between public and private sectors, leaders can make intentional efforts to address the cybersecurity professional gap, emphasizing the necessity to put their intentions into action.
- The Cybersecurity and Infrastructure Security Agency (CISA) encourages anyone interested to apply, regardless of their location or educational background, and has also increased salaries and removed bureaucratic barriers as part of its approach to attract cyber talent.
- Alex Michaels, Principal Analyst at Gartner, underscores the importance of looking beyond technical skills in cybersecurity, emphasizing the need for business acumen, digital dexterity, agility, and interpersonal skills in potential candidates.