Skills gap or hiring problem? It’s time to bridge the security gap

18 Aug 2020

The need for cybersecurity professionals is quickly outpacing supply, as cyber threats continue to grow in sophistication and frequency.

Research from (ISC)² estimates a worldwide cybersecurity skills gap of almost 3 million, with about 2 million of these positions in the Asia-Pacific region alone.

In Australia, AustCyber says nearly 17,000 additional cybersecurity workers will be required by 2026.

But the problem isn’t limited to a perceived lack of skills. Hiring is also a cause for concern.

In Hays’ Cyber Security Talent survey, the majority of respondents said they found it ‘difficult’ or ‘very difficult’ to find and recruit cybersecurity talent.

With growing concern around data protection and compliance, demand for security professionals is only likely to rise.

So how can organisations bridge the security gap?

Here are some ideas for attracting and retaining the right talent to enhance your cyber workforce.

Skills gap or hiring problem? Practical tips to bridge the security gap

Demystify and evangelise cybersecurity

For too long the media has portrayed the cybersecurity specialist as the hooded hacker, sipping soda, writing scripts and code in the basement.

Another common assumption is that security pros need to be highly technical; that a love of data and numbers is a prerequisite for any role in the security arena.

While many cybersecurity professionals are technically minded and work in technical roles, these portrayals are limiting and only undermine the reality of what really is a multifaceted profession.

With attacks increasingly targeting humans over infrastructure, cybersecurity is as much about social science as it is about technology. Where a candidate might lack in IT certifications they may make up for in emotional intelligence, curiosity, adaptability, communication skills and willingness to learn.

IBM’s New Collar Certificate Program is based on this very premise, touting “It’s not about degrees, it’s about skills.” Marc van Zadelhoff, formerly of IBM, writes about the program in this Harvard Business Review article.

Effective cybersecurity demands a range of technical roles, from architecture to operations, and non-technical roles that combine elements of law, risk, communications and psychology.

By demystifying cybersecurity through education and awareness, organisations can do away with outdated misconceptions that only deter potential candidates for the very roles that need filling.

Break down barriers to entry

With so much demand for cybersecurity workers, organisations and education providers can help close the gap by removing some of the barriers of entry.

Making cybersecurity education more accessible and multidisciplinary is a good starting point.

Fortunately this is already starting to happen; about half of all universities in Australia now offer cybersecurity as a specific degree or as a major in IT or computer science qualifications. Another quarter offer at least some cybersecurity course units.

Online providers, IT organisations and security vendors are also playing a role in reducing entry barriers, with many collaborating to offer a range of security courses.

These courses range in complexity, length, cost and target audience, enabling even those without an IT background with a steppingstone into the profession.

But of course education is just one part of the equation. Organisations can play a role by offering clearly defined career pathways, championing diversity and partnering with organisations dedicated to growing the security workforce.

CompTIA strikes the perfect balance, offering a wealth of resources, content, certifications and opportunities for individuals to kick-start their career in the industry.

The Australian Women in Security Network is another great example, helping to connect, inspire and empower women in security across Australia.

Think outside the box

While some organisations are looking inside their walls to increase their security capabilities, others are targeting untapped talent pools.

Take WithYouWithMe as an example. The academy was founded by ex-military veterans who set out to align the right skills with the right roles in understaffed fields, such as cybersecurity.

The academy uses aptitude and personality testing to identify each candidate’s core traits and potential suitability for ICT roles.

Targeting recent military retirees has proven a successful strategy in attracting the talent and attitude needed in security.

In an article with Information Age, WithYouWithMe CEO for ANZ Tom Larter says military workers “have the right attitude and culture to work in cyber.”

“They’re leaders, they have a long working life ahead of them, and they already possess some of the soft skills that employers are looking for. All we need to do is to give them the hard skills for the job,” he explains.


Closing the security gap won’t be a small feat.

But by demystifying the profession, breaking down entry barriers and thinking outside the box, we can start to attract and retain the talent we need to stay secure.

At Arrow, we are passionate about delivering technology and enablement to help businesses protect their critical infrastructure and data.

Our Channel Services and Professional Services are designed to supplement your existing resources and to accelerate your success.

Learn more about our services capabilities and how we can help you to become your customer’s greatest defender.