Why Talent, Not Skills, is the Key to Cybersecurity Success

Article - Security
By Ben Thompson|28th March 2023

If there’s been one constant in the ever-changing cybersecurity landscape of the past few years, it is global consensus around the lack of qualified people to do the job. 

In the US alone, there are 50% fewer candidates in the cyber space available today compared to two years ago. Globally, there are currently 3.5 million cybersecurity jobs going unfilled. And in the World Economic Forum’s Global Cybersecurity Outlook 2023 report, 64% of cyber leaders ranked talent recruitment and retention as a key challenge for managing their cyber resilience moving forwards.  

And it feels like a problem that is only set to get bigger. Analyst Josh Bersin believes cyber is the fastest-growing job market of all. Yet less than half of the country’s top 50 computer science programs include security courses for undergraduates. Cybersecurity and associated areas are still relatively new additions to the academic curriculum – and this, plus the fact that the threats and strategies for managing them are constantly evolving, makes finding the right people to fill cyber roles harder than ever. 

Add to this issues around the so-called “Great Resignation” – a survey last year from Trellix found that over a third of the global cybersecurity workforce plans to change professions in the future due to frustrations with the sector – and that talent gap becomes a talent crisis. 

A common problem

Addressing that crisis head on was one of the key talking points at GDS Group’s recent Security Summit, where some of North America’s most senior cybersecurity leaders gathered to discuss where to find the right skills – and how to develop them. 

Because even the best cyber talent still requires training and upskilling in order to stay current. And for Renata Spinks, CISO for the US Marine Corps, that means building the right organizational muscle memory to make learning habitual.  

“We have to enable true learning environments – whether those be in the classroom, through show-and-tell experiences, or through mentoring and coaching, whatever,” she told attendees in her closing keynote. “It’s about acquiring knowledge and building muscle. Because you only get better by exercising that muscle.” 

Talent versus skills

For Spinks, that means working on what she calls “reps and sets”.  

“Skills and talent are not synonymous,” she says. “Everyone has a skill – whether it’s finance, project management, cyber, engineering, you name it. Skills and can be taught. But talent comes from reps and sets. It’s your ability to implement those skills in the most effective and efficient manner, when it matters most. We constantly pick up new skills and competencies – as we go through college, take training courses, undergo certification, etc. The talent element is about making that a practising, executable action.” 

And investing in developing that natural ability will be critical moving forwards. Research suggests companies that provide a healthy learning culture and career development lead to more committed employees and improve company performance. Meanwhile, a report from Linkedin showed that 94%of employees believe investment in training and education is one of the primary reasons they would decide to stay in a role for longer.   

“You need to know where your people’s passion lie, what motivates them, how satisfied they are with what they’re currently doing,” says Spinks. “Individual development plans are critically important. If you don’t have that, you run the risk of losing that talent.” 

Upskilling and reskilling

The challenge is that there’s a talent shortage in every industry: you’re not just competing with others in your industry when it comes to attracting the best people, but with organisations in every sector and across different job functions.   

As early as January 2020, a McKinsey & Company report stated that 87% of companies worldwide would face a severe talent shortage. It’s a trend exacerbated by the Great Resignation, and is impacting companies everywhere – not least in the tech and cyber space. 

As such, Spinks believes that doing a better job of tapping into your existing talent base is key. “There are lots of individuals who maybe started out their careers on one path – perhaps on the science side, or in academia, or in any number of other areas – who now want to get more operational, but who perhaps feel there isn’t a place for them in cyber,” she says. “So how do we reach out to those people, identify where they can contribute and bring them in?” 

The goal is to make cybersecurity more accessible to a wider range of potential candidates. And this means recognising that the role is no longer purely a technical discipline. “Anyone can be a cyber warrior,” says Spinks. “Maybe you’re not a programmer. Maybe your skills lie in analysing risk. Or in navigating appropriations and budget. Or on the governance side, in ensuring the right policies get put in place. There are so many different ways people can contribute.” 

Harnessing tech in the war for talent

So how do we better understand existing skills gaps, and chart a path for both new entrants and seasoned security practitioners? According to Spinks, one of the key elements to get right is to deploy technology to make sense of where your current capability gaps lie, what skills and talents you currently have, and how those two things map together. 

“Understanding who you’re working with, what the triggers are for them to become more motivated or disengaged, is absolutely critical. And this is where people analytics comes in.” 

She’s also a big fan of using automation to help alleviate the burden on existing staff, and ensure the work they are tasked with doing is more stimulating. “Automation has a big role to play,” she says. “Repetitive tasks are something we’re looking to automate, but areas where we need decision-making that is critical to loss-of-life, loss-of-limb or loss-of-data – that’s where we ensure we still have humans in the process.  

“We shouldn’t ever think of automation as a way of replacing people. It’s about helping us to meet that skills and capabilities shortage – and in fact, it’s the only way in which we’ll ever be able to do that.” 

Indeed, meeting the current talent shortfall – whether through more training or more automation – will be key. ISACA reports that 45% of employees in the security space cite “high levels of work-related stress” as their main reason for quitting. This is a hugely rewarding, but also incredibly pressurized, industry – so finding ways to better support our staff will be critical moving forwards. 

GDS Summits are tailored three-day virtual events that bring together business leaders and solution providers to accelerate sales cycles, foster industry conversations and drive better outcomes. 88% of attendees said the overall experience of the Digital Summit they attended was ​above average or excellent and 88% of solution providers said they would be interested ​in sponsoring future events.​ 

For more, click here to hear from attendees on how GDS has helped them to achieve their business outcomes. 

By Ben Thompson|28th March 2023
Back to insights

Related content

Security
Podcast

Behind enemy lines: Hackers vs. AI security

Join us as we learn from hacker Gordon Long, Senior Offensive Security Engineer at Zoom on how hackers are using AI to their advantage.
17 minutes
Find out more
Security
Article

Navigating the security landscape: Key takeaways from the Digital Summit

In the evolving world of cybersecurity, gathering key industry leaders and professionals to discuss the latest trends and challenges is invaluable.
5 minute read
Pal Prekaj
Find out more
Security
Podcast

Why your cybersecurity needs nexgen pen-testing

Learn from Robin Fewster, the Senior Security Testing Manager at Hargreaves Lansdown, on the evolution of cyberattacks.
20 minutes
Find out more
Security
Article

Win from within: growing exceptional security professionals

Learnings from Jay Wiley at the GDS North America security summit
6 minute read
Colin Cosell
Find out more
IT
Stories

Pipeline generation and unlocking the c-suite for Deep Instinct

Find out more
Security
Podcast

Cyber Insurance: Are You Becoming Uninsurable?

Find out more
Security
Podcast

Conversation With a Hacker

Welcome to season 3 of Strategy for Breakfast! We’re kicking things off with an exclusive conversation with a real-life HACKER!
20 minute
Find out more
Security
Article

You Clicked a Malicious Link.Now What?

Hackers. Whether you own the company or you just work there, we’re all in their crosshairs.
Kelley Iuele
Find out more
Security
Article

6 Information Security Challenges Facing the CISO in 2021

2021 is a year for proactive security leadership and operations. Here are 9 cyber experts on the key to realizing success.
GDS Author
Find out more