EXECUTIVE SUMMARY:

With over 4 million unfilled cyber security jobs globally, organizations are not only wrestling with a severe shortage of cyber security workers, but also a paucity of those who possess essential skills.

The talent shortage has led to higher workloads for existing cyber security staff, resulting in untenable levels of burnout among staff members.

Over the next year, the compounding effect of talent-related challenges is projected to drive 25% of cyber security leaders to change job fields, potentially worsening the talent shortage.

While comprehensive initiatives are needed at the global and national levels, organizations can proactively take steps to tackle in-house talent shortages. More can be done.

Closing the staffing and skills delta

If your organization has been affected by staffing and skills shortages, pursue:

• Strategic workforce planning. By conducting a thorough analysis of current and future cyber security needs, organizations can develop comprehensive plans that align staffing requirements with strategic business objectives.  This approach enables an enterprise to hire the right kind of talent along the right timeline.
• More competitive compensation and benefits. Industry research shows that security professionals are often underpaid. Organizations need to offer competitive salaries and benefits in order to attract and retain top-tier cyber security talent. Apart from the financial remuneration, organizations can offer to pay for certifications and travel/expenses for industry event attendance. Security professionals are generally interested in continuous training and career acceleration.
• Implementation of automation and AI. Leverage these tools to augment the capabilities of existing cyber security teams, as the tools can reduce manual workloads and allow professionals to focus on completion of higher-level tasks. Generative AI can assist with aggregating security data, suggest next steps for enhancements, and even pursue automated actions, if configured accordingly.GAI can also be integrated into analytics engines to assist with items such as alert triage and security incident investigation. Ensure that existing staff are trained to work seamlessly with AI tools, maximizing the efficiency gains offered through automation.
• Elevation of the CISO role. To acquire additional budget for cyber security talent, C-level management and boards need to better understand the very real risks associated with inadequate cyber security. These days, CISOs should have a direct channel to the boardroom, as to effectively communicate the risk, standards, and metrics necessary for acquiring the right talent, as needed.
• Creation of realistic job postings. Human resource departments and recruiters often tend to post impractical job requirements for cyber security positions, such as requiring five years of experience for an entry-level role. A more effective approach, according to many, is to broaden the search by simply seeking individuals with strong analytical and problem solving skills, and then providing the necessary training.
  
• Promotion of diversity and inclusion. Develop and implement initiatives to attract diverse cyber security job candidates; including those who may need higher levels of mentorship and support, and additional security training.
• Talent pipeline partnerships. Establish partnerships with universities, technical schools and cyber security training programs to develop a pipeline of qualified candidates. If your organization is looking to become a part of the global effort to prepare today’s emerging professionals with vital cyber security skills that can protect our future, explore Check Point’s SecureAcademy.