What’s behind the cybersecurity talent shortage?

To collectively resolve the cybersecurity talent shortage, it can be helpful to understand why it exists in the first place.

• Insufficient educational programs - In many parts of the world, cybersecurity is a component of technically-focused college-level IT programs—and is treated as a skill-based course individuals can take after they earn their degree. In some jurisdictions, you can obtain a standalone certification in cybersecurity, but it’s not considered a university program.
• Misperceptions about the industry - As cyber threats have evolved so, too, has cybersecurity—and, as a result, the awareness level around what this profession entails varies greatly. Many senior leaders, for instance, still believe cybersecurity is primarily a highly technical profession, and aren’t aware that it can also include many non-technical roles
• Cultural barriers - Misperceptions around cybersecurity impacts the number of people pursuing such careers as well as the types of people organizations hire. But these misperceptions are by no means universal and differ from country to country.
• Working conditions - In some jurisdictions, cybersecurity has a reputation for being a low-paying job with long hours and few opportunities for career advancement. In a recent Deloitte survey, 27% of respondents acknowledged that the cybersecurity profession lacks clearly defined career paths, 23% said they lacked learning and development opportunities, and 30% felt compensation and incentive plans weren’t keeping pace with the market
• Gender inequality - Like many Science, Technology, Engineering, and Math (STEM) workforces, cybersecurity is predominantly male dominated, resulting in a self-perpetuating gender gap. Due to gender inequality in the field, many women drop out of STEM programs before ever entering the job market.

Closing the gap

While many organizations across the globe are grappling to find adequate cybersecurity talent, a small fraction are beginning to differentiate themselves in the marketplace.

• Get more involved in academia - Right now, academia tends to treat cybersecurity as a supplemental skill—something you acquire after a degree—rather than a Tier 1 educational program. To deepen the cybersecurity talent pool, this must change.
• Broaden your horizons - Successful cybersecurity teams are strengthened when team members have diverse disciplinary backgrounds. As such, it makes sense to broaden recruitment efforts and introduce cybersecurity to individuals who may not view it as a traditional career option.
• Challenge misconceptions - If cultural barriers and misconceptions are preventing individuals from applying for cybersecurity roles in your region, it may be time to explore the root cause of those barriers and devise a marketing strategy to overcome them. This will involve reflecting on the needs of the local talent pool, their perception of your business, and the talent narrative you’re telling.
• Explore new geographies - While some major cities struggle with talent shortages—particularly where large banking centers, technology hubs, and public sector organizations are located—there are countless smaller cities that have a wealth of idle talent. By building capability in smaller suburban areas, organizations may find they have the pick of a wider talent pool.

How Deloitte attracts top cybersecurity talent

• Internship programs and sponsorships - In Australia, Deloitte partnered with the state government to sponsor a cyber academy. Through this program, the government subsidizes approximately 40 university students each year to work with Deloitte and our clients and acquire valuable hands-on cybersecurity experience.
• Professional training bootcamps - The Deloitte office in Brazil recently completed its second cybersecurity bootcamp. Through this program, Deloitte Brazil provides cybersecurity training to a few hundred professionals.

The path forward 

Finding cybersecurity talent is challenging for many organizations right now—but, contrary to popular belief, the problem isn’t only a talent shortage. Rather, it’s how organizations approach the talent search and how they’re defining the ideal cybersecurity job candidate.

To learn more about how Deloitte can help you build effective cybersecurity teams, contact us.