The cybersecurity workforce gap expanded by a concerning 26.2% in 2022 compared to 2021. That’s around 3.4 million people needed to ensure that the security of assets is managed effectively.

These statistics from the (ISC)2 2022 Cybersecurity Workforce Study are why the dearth of security professionals is described as a critical need, one that has to be resolved at speed to fill the gaps, manage the threats, and transform the security landscape.

As Innocent Baloyi, consultant: cloud security at Altron Karabina, points out, overcoming scarcity asks for organisations to adopt a mindset of ingenuity.

“Perhaps one of the most common issues in the industry is that organisations have high, often unrealistic, expectations when it comes to hiring security talent,” he explains. “They want degrees, years of experience and certifications and so much more, but the problem is that most candidates don’t have that experience or those qualifications so they don’t apply. The result is a circle of unfulfillment where organisations can’t find talent because talent doesn’t apply for roles they feel underqualified for.”

The solution to this conundrum lies in a shift in thinking across organisations, from finding talent that fits extensive expectations to curating talent that can grow within the business and the roles. Taking this approach asks that companies take on people with an interest in security, and with the potential to really shine in this space, and then build up their skills through dedicated in-house training.

“Another issue that’s emerging at the moment is people are increasingly opting to work for international companies because of the exchange rate and how this affects their income,” adds Baloyi. “As more and more people are drawn to the dollar and the pound, we need to create local working environments that attract and retain talented security people so we don’t lose them overseas. Again, in-house training and opportunities are key here – people given the chance to expand their certifications and skill sets will be more engaged with the company and their roles.”

Training and development aren’t just crucial to enhancing skillsets, they are an essential part of security development as a whole. Security technologies and threats are changing every day which means that security teams must have the right resources to ensure that they remain ahead of trends, threats and technologies. This focus on strong corporate culture, a clear training mandate, a solid skills development platform and obvious career growth will also help mitigate the challenge of security people chasing salaries rather than settling into their roles for the long term.

“A healthy working environment that keeps its people happy will be far more likely to retain the talent it trains,” says Baloyi. “If people are happy where they are and enjoy what they’re doing, they are less likely to be wooed away from the business. So, upskilling and reskilling talent is as much about creating a healthy workplace culture as it is about creating the next generation of security professionals.”

This aligns with creating a culture of skills development within the company. If people feel that they are rewarded and motivated for engaging in training and development opportunities, they will be more inclined to take advantage of them. Companies should also be inspiring the next generation of security personnel by providing younger people with mentorship opportunities.

“Assigning a mentor to someone new to security will fundamentally change how that person engages with the role and their future,” concludes Baloyi. “Having someone on their side who can help them manage training and overcome obstacles to growth will inspire them to take their career further, and to potentially stay within the organisation.”

It is, Baloyi believes, important to weave together all these facets to ensure that the organisation meets the security needs of the present without compromising on the talent of the future. Smart training, consistent support, clear career pathways, and a focus on empowering from within will give the next generation of security talent the space and opportunity they need to bridge the ever-widening skills gap.