Protecting information from hackers is often a priority at companies these days, as businesses move away from local systems and into the cloud, but the shortage of cybersecurity talent could complicate that effort and is prompting cybersecurity companies to redouble their efforts to identify, recruit and retain qualified employees.
The International Information System Security Certification Consortium, a nonprofit group specializing in training and certifying cybersecurity professionals, estimates a likely shortfall of 1.5 million cybersecurity professionals by 2020. And that number could more than double by 2021.
Although nearly 750,000 people are employed in cybersecurity positions in the United States, 286,000 openings currently exist, according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education.
This means cybersecurity companies must compete robustly to acquire experienced talent while meeting the expectations of a millennial workforce that appears more interested in work-life balance than previous generations.
At Unisys, a global information technology company based in Blue Bell, Pa., with more than 20,000 employees (250 in the security-services group and on related teams), that means treating employees as individuals, not numbers. At Thycotic, a cybersecurity company in Washington, D.C., with 200 employees, it means being agile, quick and proactive, concentrating on benefits rather than salary.
Jonathan Goldberger, head of the security-services group at Unisys, which offers cybersecurity analytics to identify threats and prioritize actions, says the focus is on finding employees with social skills who have always liked dabbling in tech.
“We look for people who have done consulting. They can learn the technical skills. Communication skills are harder to come by,” Goldberger said, adding that it’s important for Unisys employees to have a bedside manner that enables them to communicate with clients, especially when there’s a security issue involved.
“Everyone puts on their resumes that they are a great communicator. You can’t talk to a brick wall. It’s so much easier to teach technical skills than to teach social skills,” Goldberger continued. “If I find an individual who is in business but as a hobby enjoys coding, [I’m happy]. I want to see self-awareness and patience. I want to see the individual asking clarifying questions and see the ability to work through business challenges.”
Goldberger said Unisys has a vigorous interview process to determine just how well a candidate communicates with different types of people. What a candidate studied in school — not necessarily what he or she got a degree in — is taken into account, as are interests outside of work.
Once someone is hired, “we help them grow with the organization,” Goldberger said. “We make sure our employees are growing whether it’s their technical skills or a career field like speaking or writing. We work out an education plan with them, and they work with professionals two weeks a year [to learn new skills].”
Goldberger said Unisys recruits both recent graduates and older workers, and employees stay with the company because “they are appreciated, paid well and have the opportunity to grow and develop with the organization.” They also are promoted internally.
“When someone does something well, we make sure senior management knows about it, knows they’re doing good work. When people have children, we make sure we call them and talk about them. We’re flexible when problems arise,” Golderberger said.
Thycotic, which sells the enterprise password-management software Secret Server, takes a slightly different approach. Michelle Hayes, vice president of human resources, said the company does not rely on paying top dollar to recruit talent. Rather, Thycotic offers flexibility.
Of the company’s 200 employees, just 60 work onsite at the U.S. headquarters, and 40 are overseas. The rest work remotely, generally from home offices, Hayes said.
“Being in Washington, D.C., is a challenge,” Hayes said. “A lot of cyber experts are in Silicon Valley or elsewhere on the West Coast. We end up doing a lot of remote hiring and flexible arrangements to get the talent we want. They work from home and commute to D.C. once a quarter.”
Thycotic also depends on its employees to recruit new employees, providing $2,000 bonuses to the recruiter once the newcomer has been on board 90 days. The result is that half the company’s employees were recruited by their peers.
Hayes said the company’s culture is its greatest asset when it comes to retaining talent.
“We try to maintain that quick, proactive approach to things, keeping the collaboration. We try not to develop too many processes that require red tape,” Hayes said.
The company pays for employees to attend industry conferences and trade shows, among other perks. “We have a really solid benefits program. We promote work-life balance and respect people trying to get time with their families. We provide time off to do that.”
Thycotic has been around for 10 years but until two years ago had fewer than 20 employees. That all changed in 2015 when a venture-capital firm made an investment, and Hayes said the company projects it will have 500 employees in about five years.
“Our biggest challenge is finding talent in the time frame to keep up with our growth,” Hayes said. To that end, the company mines industry conferences and reaches out to universities.
Both Unisys and Thycotic are concerned about diversity, and Thycotic’s Hayes said it’s particularly difficult to find women interested in cybersecurity.
“Inclusion and diversity are important for the value and quality of the solution,” Unisys’ Goldberger said. “We’re focused on as much inclusion and diversity as possible. We look at different groups to identify and find future talent. When trying to fill a specific role, we’re looking within the organization, as well as in different networking communities, to try to fill with more diversity. It’s important from an internal organization success viewpoint and for delivering to customers.”
Goldberger said organizations need to be cognizant of the need for diversity and vigilant against the inclination to go back to old habits.
“You want to always use that different approach to looking for talent in different places, making sure we’re tapping into different networking communities,” Goldberger said.