Cyberattacks are becoming more frequent, leaving firms scrambling for help.
It's a supply and demand challenge. The industry lacks enough qualified talent to fill job openings.
Two experts told Insider what companies and education institutions can do to narrow the gap.
The conversation was part of Insider's virtual event "Cybersecurity Trends: Prepare For A More Secure Future," presented by Cisco, which took place on Thursday, May 12, 2022.
It's a cybercriminal's dream come true: Companies are struggling to train and recruit qualified talent to combat the increasing frequency of attacks.
But the solution isn't as simple as creating more pathways into the industry.
Instead, higher education institutions will have to prepare workers with skills directly applicable to open roles, according to Eman El-Sheikh, associate vice president of the University of West Florida's Center for Cybersecurity, who spoke at cybersecurity panel on Thursday called "Cybersecurity Trends: Prepare For A More Secure Future," presented by Cisco. At the same time, firms need to invest in career development, competitive salaries, and company climate to recruit and retain that talent, Fran Rosch, CEO of cybersecurity firm ForgeRock, said at the panel.
"We have a supply and demand challenge," Rosch said. In other words, there simply aren't enough cybersecurity professionals to meet business needs.
On the supply side, firms need access to experts trained in cyber law, behaviorial analysis, and managers ready to take on the evolving nature of cyberattacks, according to El-Sheikh. That means focusing on the key skills and certifications firms are looking for to better prepare graduates.
"We really need from the education perspective to be looking at how we develop and offer multidisciplinary programs to address the expanding workforce needs," El-Sheikh said.
But that preparation extends beyond the classroom. Bridging the gap between educational programs and getting hired requires internships and apprenticeships that give students pathways into a cybersecurity career, El-Sheikh said.
For example, through a free six-month training program at the University of West Florida, 1,700 military veterans will be trained to fill critical cyber roles over the next two years, according to El-Sheikh. It's funded through a grant from the National Security Agency.
Training, though, is only half the battle. Hiring and retaining newly trained workers has proven equally challenging.
"We don't think of it as a hiring challenge," Rosch said. "We think of it as a more holistic talent challenge."
Firms need to invest in the things employees want, like being mission-driven or emphasizing how an employee's role can contribute to a safer society, according to Rosch.
But career development and competitive salaries with benefits are also key to attracting and retaining talent, Rosch said. A need for flexibility has emerged during the pandemic as the balance of power shifted from the employer to the employee.
Employees also want firms to recruit a diverse workforce and create a more inclusive workspace, Rosch said. Plus, finding new employees from diverse talent pipelines may also be a solution to the talent shortage, according to Rosch.
"We're starting to really look beyond our normal path and that's really helped us both hire, develop, and retain our talent," Rosch said.