This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
Globally, cybersecurity is in crisis, not solely from a lack of skilled personnel but also from a lack of strategic direction and companies' inability to hire staff in an expedient, effective and efficient manner.
ISSA, (ISC)2, ISACA, Cisco, and PwC have all released major studies showing the cybersecurity skills gap has reached a crisis point worldwide. The number of positions to be filled varies widely from study to study, but the majority of them put the gap at over a million positions by the end of the decade. One might go so far as to call it a cybersecurity skills gulf. This is not a new challenge, but one that has been developing over time.
Industry and educational institutions have moved to address the critical shortage of cybersecurity skills. Universities have launched bachelor's, master's and PhD programs with cybersecurity concentrations. My alma mater, Royal Holloway, University of London, launched one of the world's first master's degree programs in 1992, graduating over 2,000 students to date.
Cybersecurity professionals have responded with the creation of cybersecurity skills certifications such as the now venerable (ISC)2 CISSP, started in 1994, with more than 100,000 holders worldwide. Lawmakers and governments have sought to address this issue with legislation and funding.
A significant aspect of cybersecurity that has not been addressed, to the point of neglect, is the recruitment process. Cybersecurity has been identified as one of the highest-growth, high-salary careers over the next decade. With the proliferation of high-paying, secure jobs comes a flood of job seekers into every aspect of the cybersecurity market, including recruitment.
I have always been fortunate in hiring good quality candidates over the course of my career. Happily, there has never been a need to fire someone that I hired. That is not a testament to me, but to the quality of the people I have hired. On occasion, I use recruiters for hiring, but the number of recruiters that I use is very small and select. Fly-by-night recruiters are almost as dangerous to a company as cybercriminals. For the most part, I use my own professional network and that of a few trusted colleagues to look for qualified candidates. A CISO should have a personal stake in the recruitment of his or her own staff.
My company is in the process of shutting down and I am looking for my next CISO or cybersecurity thought leadership role. I am therefore intimately familiar with the current cybersecurity job market and its idiosyncrasies. I knew my journey would be an interesting one as I haven't had to actually look for a job for over a decade, having been headhunted into my previous posts.