Building Cybersecurity Teams in a Skills Crisis

As the UK experiences possibly the worst ever labour shortage, the technology industry in particular has been hit particularly hard with cybersecurity roles now among those highly sought after. The situation is becoming ever more acute, according to a new report by global recruitment firm Harvey Nash which reports that the UK’s cyber skills shortage has increased by over a third in the last 12 months. The study found that cybersecurity is the most in demand tech skill in the UK with almost half (43%) of the 823 UK digital leaders surveyed declaring a shortage of cybersecurity experts.

The shortage of these professionals has a direct impact on cybersecurity teams, as well as on the security of assets and information. A Government study also highlights the skills shortage, with the UK’s cybersecurity recruitment pool experiencing an estimated shortfall of 10,000 people a year. In many organisations, existing teams must cover their work in addition to that of workers struggling under the pressure. The situation calls for an intelligent approach to hiring strategy.

This need is exacerbated by the rapid increase in digital transformation investment, as a Gartner survey reports – 58% of IT leaders are planning to increase emerging technology investment through 2021. The survey also reports that resilience and improving critical IT infrastructure are top priorities among technology leaders in 2021. Therefore, IT departments are facing real challenges to find the right skills, re-skill and retain their cybersecurity talent, while all the time cyberattacks are growing in sophistication and frequency. It’s a valid concern that this depletion of skills will impact organisations’ threat prevention and preparedness for attacks, as a robust team is vital to keep ahead of the rising intelligence of threat actors.

With the new hybrid work structure of this digital age – the need to build infrastructure that can support a fully virtual workforce – new users, apps and devices are constantly being added to tech ecosystems. The relaxed approach of workers as they gradually return to the office and work remotely is resulting in organisations taking their fingers off the pulse of security threats. Therefore, building a strong cybersecurity team is paramount to minimising risk and building business resilience.

Looking within your organisation to reassess existing culture and recruitment practices is critical to ensure you’re at a level where you can compete for valuable talent. Technology teams must have a strategic focus on building and maintaining a workplace culture that attracts and retains cybersecurity professionals. So how can employers improve their prospects of securing and maintaining this essential team of experts? There are four main steps to develop the ideal culture and recruitment practices to be able to draw on this talent pool:

  1. Instil a strong sense of self-belief and pride in your team

There’s nothing like fostering a culture of positivity and confidence within the security team to build a sense of pride that will attract others. This must come right from the top, from leadership self-belief, filtering through to the cybersecurity team. In sharing a common purpose, and team successes, so that they understand how they are protecting the organisation, workers will feel empowered, invested in, and valued. Each employee will understand how their role fits within the bigger picture, and their personal contribution to the team. This sense of purpose is becoming bigger in business than just making money so ‘bigging-up’ the team will create a positive culture that security experts will want to be part of.

  1. Define your culture

While various factors will influence a candidate to want to talk with an organisation, such as its products, location, or benefits, they are likely to research the office culture to see if it’s a potential fit.  A great culture fit is most likely to maintain employee loyalty long-term and is worth communicating this culture in job ads, case studies on recruitment pages of the website and via blog posts so that ideal prospective candidates understand what the business is all about and decide if they identify with the culture.

Take a reality check – is the culture making current employees feel valued? Will it nurture their talent, and do they feel part of something important? A positive working environment which acknowledges their potential, helps them to attain career goals, and gives continuous motivation will build loyalty for the long-term.

Culture is key for all employees, regardless of the workspace location being on-site or remote-based. All should feel engaged and it’s vital to use technology to enable effective team collaboration. Considering the tools and techniques you use to build your engagement and culture for a remote workforce is important.

  1. Be active in the recruiting process

Both large corporations and small and mid-sized businesses (SMBs) are equally experiencing a struggle to hire workers during a labour shortage but require different approaches.

Large corporations typically have dedicated HR and recruitment teams. But it’s a risky proposition to rely on them to do the work alone when they are not close enough to the action. Employing a more personal, relationship-based approach will be a key driver to find the complex sets of skills required. This means engaging the existing teams in networking to make things happen.

Meanwhile SMBs might be more pressurised without a dedicated HR team, and need to work with external recruiters. This puts pressure on them in their existing roles and involves a bit more groundwork through online research and social media to seek out these skills.

Building connections on LinkedIn to get to the talent is going to be a great start to make some introductions and find out what potential recruits are looking for. It’s all about being active and engaging directly to create a dialogue with security experts.

  1. Keep the pedal down

Talent often appears unexpectedly through relationships and networks, and it’s advisable to find groups to join on LinkedIn which could lead to finding specific skills. By proactively keeping the pedal down in ‘hiring’ mode, you’ll come across a breadth of talent and therefore avoid a knee-jerk reaction to find security professionals from a standing start when the need arises.

Taking the challenges in turn to re-affirm belief, build an attractive culture, and formulate a clear recruitment strategy, will prove effective, but remember that this is a long-term approach and will require dedication and patience. Setting out a plan with one, three and five-year goals will help to ensure there are achievable objectives to work towards. Be clear in what the skills needs are today and for the future to close the gap in finding candidates.

The plan must start today to become the calibre of business that ideal cybersecurity candidates choose to work for. And as you do all of this, never forget to invest in the people you already have. They have already chosen to be a part of who you are, so work with them to build tomorrow.

Drew Sanford

Drew Sanford is Vice President, Global Security Operations at ConnectWise.

Unlocking productivity and efficiency gains with data management

Russ Kennedy • 04th July 2023

Enterprise data has been closely linked with hardware for numerous years, but an exciting transformation is underway as the era of the hardware businesses is gone. With advanced data services available through the cloud, organisations can forego investing in hardware and abandon infrastructure management in favour of data management.