Expert: We need to look at the talent crunch through a human-centric lens and take in non-traditional professionals.

Cybercriminals have been continually exploiting WFH vulnerabilities. The World Health Organization alone has reported a five-fold increase in cyberattacks.

Bolted-on security solutions alone are no longer enough to address modern cyber threats. IT teams worldwide are under tremendous strain. Yet, the cybersecurity sector continues to face a severe talent shortage. In Asia, the cybersecurity workforce gap is estimated to be over 2.14 million and this number continues to rise.

To address this problem, organizations around the world have been introducing programs to attract talent to cybersecurity. Recent examples have included a global graduate placement and training program by T-Mobile and the Cisco Certified Network Associate Certification and Training program to offer new IT professionals a rapid path to specialization in security. However, the deficit persists.

With an urgent need for businesses to tighten cybersecurity with sufficient skilled manpower, how can the talent crunch be addressed? How can we groom a new generation of cyber-frontline workers when they are needed the most?

CybersecAsia interviewed cybersecurity expert, Dr. Hugh Thompson, Managing Partner of Crosspoint Capital Partners, and Chairman of the RSA Conference Program Committee.

CybersecAsia: In a nutshell, what are the main challenges organizations and governments face in attracting cybersecurity talent, and what needs to be done to build the pipeline?

Hugh Thompson: In Asia, the cybersecurity workforce gap is estimated by some surveys to be more than two million, and this number continues to rise.

At the forefront of this talent gap is: the lack of hands-on experience and skills in candidates applying for cybersecurity positions. To help close this gap organizations can look at non-traditional candidates that do not have keywords such as ‘cybersecurity’ or even ‘IT’ on their resume.

Look for candidates who are analytical thinkers or who have a willingness to learn new skills. Looking outside the traditional talent pool will also help to increase diversity within teams and broaden the perspective of the team.

Organizations can also tap into new talent by working with educational institutions. For example, RSA Conference has worked with the Singapore Cyber Consortium to run a hands-on Capture the Flag program for college students during their annual RSAC APJ Conference.

This year they are hosting a session during the virtual Conference called “Hacking the Cybersecurity Job Market: A Primer for Students & Grads” which is an interactive discussion with cybersecurity professionals that helps prepare students for success.

Organizations can also help retain talent already in the industry by establishing mentorship programs to keep this group incentivized to remain in the field by showing clear and well-defined career paths.

CybersecAsia: What are the key skills in demand for the cybersecurity sector, especially amid COVID-19 and beyond?

Hugh Thompson: Cybercrime thrives in times of uncertainty, and the need for skilled security professionals that can adapt to changing environments is massive.

Look for candidates who have the knack for solving complex problems and who can bring their analytical know-how to the role. Candidates that can adapt quickly and collaborate effectively with others are good long-term bets for cybersecurity teams. Here is a video that elaborates more.

CybersecAsia: What are the immediate actions that individuals can take to get equipped with needed skills for a job in cybersecurity, and what does that look like today?

Hugh Thompson: Continuously upgrading skills to keep pace with the field is crucial for a career in cybersecurity.

This means having a mindset of constant self-learning and growth. Explore resources from organizations like ISC2, SANS and IAPP  that can provide an introduction to the world of cybersecurity and privacy and an understanding of these fields.

After a foundational understanding has been built, seek opportunities to virtually shadow other cyber-professionals to understand their day-to-day work and different  job functions. Apart from internships, aspiring cybersecurity talents should leverage virtual networking opportunities, for example, through conferences such as the RSA Conference 2020 APJ Virtual Learning Experience to connect with experts and peers to discover more about the sector.