How HR and Security Professionals Can Join Forces to Fix the Cyber Skills Shortage

By Jeff Labrador, Ph.D.

Cybersecurity talent is in short supply and it’s set to get worse. According to The Wall Street Journal, there could be 1.8 million unfilled cybersecurity roles by 2022. Without the right talent in this critical protection role, organizations are at risk. HR professionals can help by working closely with their security colleagues to help fix the skills shortage and protect their organizations.

What needs to change?

Traditionally, cyber skill recruitment has focused on technical skills. But with technically-skilled talent in short supply, a new approach is needed. To address this challenge, industrial-organizational psychologists at IBM worked with HR and security colleagues to identify what makes a successful cyber professional. We discovered that it’s not just about technical skills. In fact, the research revealed that assessing behavioral skills could be the key to helping HR and security teams join forces to find the right talent for those critical roles within an organization.

If your company is one of the many that find it hard to recruit top cyber talent, ask yourself the following three questions:

1. Are we going beyond technical skills?

It’s a given that a great cybersecurity professional has to have strong technical knowledge. That’s something that you’re probably checking in your hiring process already, but have you ever considered what else you should be looking for? IBM’s research found that high performing cybersecurity professionals not only have technical skills, but they also have a set of key behavioral attributes:

  • Adaptable
  • Compliant
  • Dependable
  • Inquisitive
  • Resilient

If your security and HR departments are not jointly considering candidates against these key attributes you might be missing out on high performers. This doesn’t have to be an onerous task; assessments that evaluate these attributes can be a good place to start to evaluate your talent pool.

2. Are we considering people who may not have even worked in a cybersecurity role?

Think about broadening your search for new hires as you search for the right behavioral skills. HR can include potential candidates who may not have even worked in a cybersecurity role, but who have the right attributes to be able to learn the necessary skills and become a high-performer.

In fact, assessing for attributes is a more convenient way to start a search for new talent. Technical skills are important, but we know they may be hard to come by. If you target the right behavioral attributes in the first place and then teach the technical skills needed for the security tools in your organization, you’ll be able to secure the necessary talent.

The IBM Security team tried this approach when it was struggling to find new talent. Julian Meyrick, head of IBM’s Security Division in Europe, told us he found a rich seam of cybersecurity talent among military veterans: “Even though they may not have done the job before, we knew from our cybersecurity assessments that many veterans would be well suited to the roles we had to fill.”

The critical success factor for Julian was having the right assessment in place to find that once hidden talent. This isn’t something you can easily identify from a resume or CV. You need a validated assessment that is reliable enough to get you the right shortlist for interview as quickly as possible.

3. Are we evaluating talent inside our organization?

You may not even need to look externally to find the right cybersecurity talent. Employees outside of your security department may not be an obvious choice, but they could have exactly the right attributes and aptitudes for cyber roles. They will also have the added benefit of understanding your organization and might even have some experiences of being an internal customer to your cyber team in the past. Once again, an assessment that is linked to high-performing cybersecurity professionals will give you the confidence to bring in this talent and offer them a new career in your cyber team.

Read the full Smarter Workforce Institute report "High-Stakes Hiring: Selecting the Right Cybersecurity Talent to Keep Your Organization Safe" to find out more about the behaviors that define high-performing cyber talent.