The specific competencies your organization sought from new IT hires in 2018 may mean very little now. The way you spec’d out your cybersecurity job roles in 2020 will, in all likelihood, not be the way you’ll spec them out in 2022. There’s now a huge chasm between the number of open job roles and the number of people available and qualified to fill them, all while the tech needs of organizations are changing at lightning speed. This is particularly true in cybersecurity, a field that – in the UK – will require 17,500 new workers a year to keep up with today’s demands, but that has only managed to attract around 7,500 a year.
Instead of a widespread lowering of the talent bar, we’re about to witness a ubiquitous shift in how employers of all sizes and from all sectors think about and approach hiring for tech roles. This will be a shift from a reactive to a proactive strategy and one in favor of pathways that value the needs of employers and workers. This shift will, given the current cybersecurity challenges, require employers to start thinking not just about what’s ten feet ahead of them (their needs) but also what’s happening 10,000 feet above them (the needs of the sector) and all around them (workers’ and communities’ needs). Making that shift will require a two-pronged approach:
1) Rewire for a Training and Certification Mindset
Our 2021 CompTIA Workforce and Learning Trends Report highlights the "operationalization of a learning culture" as one of the five biggest tech trends of the past year and one that will persist into the future. The shift away from hiring people to investing in and certifying the employees you’ve already got is liberating since it allows you to see that the tools and talent for better tech and cybersecurity exist already within your organization. When you skill, reskill and upskill your key assets – your people – using tried and tested certifications and knowledge delivered by a trusted training partner, the lift becomes even lighter. Crucially, this strategy can work even for employers who lack massive budgets and resources.
Thanks to a concerted effort by bodies like the UK Cyber Security Council, formal accreditation and skills mapping for cyber roles can and will help ensure that cyber professionals and non-cyber professionals alike have access to the most relevant knowledge to keep their organizations safe. Cybersecurity is a part of every IT professional’s job in this day and age. There’s no need to panic-recruit in the face of new threats, data breaches and institutional restructuring in the ‘always training paradigm.’ The work to stay several steps ahead is being done, and your people are prepared for whatever happens. Not only that, but they can see that you’ve made an investment in them and their certification; with that, your retention and your organizational morale will improve.
What’s more, your teams themselves will gel better. They’ve trained together on hypothetical problems, worked together on real projects and trust the leadership at the helm who understand their value. Rather than spending their time playing catch-up and reactively responding to every IT hiccup that comes along, tech workers who train regularly can focus on learning new things, trying new things and keeping tech spaces secure.
2) Build Better On-Ramps
It is, of course, unrealistic to assume that all of your key tech workers will stick around forever. Even without a “great resignation” underway, organizational churn is a reality of the working world, no matter how strong a workplace is. Just as important as how you train, retain and incentivize your existing workers is how you bring new talent into the fold. Even in this arena, employers will do well to move away from only thinking about recruiting and hiring in the traditional sense. Smart, strategic on-ramps into tech such as apprenticeships are among the best investments an employer can make in 2022. Apprenticeships breathe new life into workplaces by empowering managers to hire from pools of people who don’t hold degrees and aren’t the “typical” tech candidates.
This approach can change the dynamic of what has become a very homogenous and under-diverse tech sector; women, ethnic minorities and non-degree holding candidates are underrepresented in all levels of cyber roles, according to a 2021 report. With newfound diversity of backgrounds comes the diversity of ideas and perspectives. Pathways like apprenticeship promote retention, in that workers who know an investment has been made in their success are likely to feel valued and take their roles seriously. In the earn while you learn model of apprenticeship, workers can benefit from a mix of theoretical learning and on-the-job, real-world scenarios. Active learning has long been shown to be a key driver of retention of information, and people who learn by doing in tech roles can thrive in this way.
3) The Shift is Inevitable…Let’s Embrace It
When employers shift away from being purchasers of talent to being investors and developers of talent, they can meet their short and long-term skills needs while solving a social impact need and alleviating a massive workforce challenge. In the new framework, organizations can shift out of perpetual tech triage mode and into a mode that enables growth, security and ideation. In the longer term, this shift may prove to be the business world’s silver lining after what’s been a very protracted and grim few years. It will also bring opportunities to many people who have been barred from entering our sector for too long. I am confident that in 2022 we’ll see many more employers make this change. Our collective cybersecurity and national tech presence will be better off for it.