With the cybersecurity talent shortage showing no end in sight, hiring managers need to start getting creative when looking to hire new security professionals. They need to start looking at men and women who, at first glance, don't appear suited for such a highly technical career. Computer science knowledge can be learned, especially if the right skillset is already there.
The cybersecurity skills shortage is getting worse. And it doesn’t look like it’s getting better anytime soon. In a recent global survey of IT professionals, ESG online found that 53 percent of organizations reported a problematic shortage of cybersecurity skills. That’s up from 51 percent last year.
The problem, to be frank, is that there simply aren’t enough people actively choosing cybersecurity careers. Improving diversity in the cybersecurity space is a critical first step in addressing the issue - at the time of writing, women still make up only 20 percent of the workforce. Yet even that might not be enough to outstrip demand.
We are in the midst of a technological renaissance. Threat surfaces are larger than they’ve ever been, and enterprise technology has undergone a downright explosive evolution over the past several years. Businesses of all sizes now face an unprecedented array of technical challenges, of which cybersecurity is front and center.
If they’re to address these challenges, they’ll need to get a little more creative. To start looking in unexpected places for cybersecurity talent. Because believe it or not, computer science isn’t the only place to find it.
Here are a few non-traditional careers and skill sets that, with a bit of work, can create some excellent security professionals.
Musician
What do a musician and a computer scientist have in common with one another? More than you’d expect, actually. As it turns out, many of the same skills that make someone a talented musician, such as attention to detail and an eye for patterns, also are traits that are useful for a security professional.
This idea isn’t as far-fetched as you’d think, either. A 2016 piece by enterprise publication Fast Company features the story of Tom Donahue, a gig musician who found his way into the security space. According to Donahue, the skills he learned as an artist were instrumental in his technology career.
“My musical skills helped me excel in the technical world,” Donahue told the publication. “Particularly security. The guys that are good at jazz improv tend to be good at technology.”
Financial Services
A head for numbers. Attention to detail and an understanding that a single mistake could cost a client billions. The ability to understand and parse vast amounts of information whilst also gleaning insights from that data.
I’m not describing someone who works in cybersecurity. I’m describing a financial services professional. People who aren’t mathematically inclined don’t tend to last long in such a field, nor do people who are incapable of seeing fine details. These skills are invaluable for anyone who works with money - and just as valuable for cybersecurity as well.
Risk Management
Granted, this one is somewhat unsurprising. Someone with any amount of experience in risk management can easily transition into cybersecurity. Whether they’re an assessor for an insurance agency or an onsite safety inspector, they’re armed with a great deal of experience when it comes to crisis management and frameworks for mitigating risk.
Sprinkle in some technical knowledge, and they could make for a formidable security expert.
Conclusion
The cybersecurity talent shortage is a huge problem. There’s no point in pretending otherwise. At the same time, a big part of the issue may well be that we simply aren’t looking in the right places for prospective hires.
At the very least, it’s food for thought.
Senior stakeholders who want to hold on to their CISOs must ensure that they have sufficient incentives and, more importantly, support to cope with the burden of risk that they are carrying.
The most alarming takeaway from Cisco’s new Cybersecurity Readiness Index report is that even after decades of having the importance of cybersecurity driven home, cyber threats are still taken too lightly.
In today’s data-driven world, higher educational institution networks and their management must be modernized to address the needs of everyone across campus. Enterprises face similar challenges and also need to modernize their networks.
