\u201cTalent shortage\u201d, \u201cskills gap\u201d, \u201cemployee burnout in cybersecurity\u201d, \u201chigh turnover rate\u201d \u2013 as a cybersecurity professional, you must be familiar with these expressions, for better or for worse.<\/p>\n
You may have seen the big headlines pointing out talent shortage issues in the latest news – that is sadly not a fake news. The talent war really exists in the cybersecurity market. Over the past months, we read numerous articles, academic papers, reports on this emerging subject; we discussed with CISO and Talent Managers (a real full-time job!) and the 3 main challenges remain the same: how to recruit, manage and nurture our talents?<\/strong><\/p>\n In this article, we have compiled the different situations, our observations, and the initial lessons we can draw from the actions put in place to meet these challenges.<\/p>\n \u00a0<\/strong><\/p>\n Beyond just filling the roles, it is essential to gain a strategic vision of the skills to draw up a sustained cyber division. Your mantra for this stage must be: \u201cGetting the right people for today\u2026 and tomorrow!\u201d.<\/p>\n When people\u2019 skills match their roles, tasks are performed efficiently, with everyone contributing to a more (cyber)secure organization.<\/strong> I doubt anyone will contradict me here, but it’s often easier said than done.<\/p>\n Here are the first questions you can ask yourself to get moving in the right direction\u2026<\/p>\n Do you know what you need? Have you defined all the cyber activities you need to run? Have you defined your \u201cmake or buy\u201d (internalization vs outsourcing) strategy? Have you identified the skills and the people needed to run these activities?<\/p>\n This is a non-exhaustive list of questions that as an organisation you should ask yourself to better capture your need and know your people before launching a roadmap of actions.<\/p>\n Knowing your need and team is important as it: (1) helps for task allocation: <\/strong>before, cyber teams were smaller, therefore, versatility was crucial. Nowadays, bigger cyber teams make specialization possible and facilitate the optimization of complementary skills (2) helps to<\/strong> target training and development<\/strong>: having a clear vision on your team and its activities helps you identify skill gaps and provide the appropriate training and development opportunities to the people who need it the most. With the identified missing skills in one hand, and the identified needs in another hand, you can start seeking for your ideal candidates thanks to a job offer that speaks volumes (but don\u2019t look for purple squirrels, they don\u2019t exist)!<\/p>\n Keep an eye on the upcoming insights and focus on the cyber job descriptions topic! 😉<\/p>\n \u00a0<\/p>\n That is to concretely explain what cyber is and what its activities are. #transparency<\/p>\n Based on the discussions with CISO and Talent Managers, being transparent on the job description works and gives people a sense of belonging and purpose, which in turns promotes a better teamwork.<\/p>\n Let us share some concrete and easy actions that you can do to get things moving:<\/p>\n \u00a0<\/p>\n Cybersecurity is still an obscure topic for those outside the cyber world. To fix that, everyone needs to start explaining what they do.<\/p>\n \u00a0<\/p>\n By now, you must know that it\u2019s a great asset to know who your team is, who your people are, who you really need to run the cyber activities, to have a great branding to attract people. But what will make the difference in the long run is to take good care of your people by offering a safe work environment and giving perspectives of evolution. When what is coming next is clear, it is easier for the people to project themselves in the company in the years to come.<\/p>\n And before taking care of their people, CISOs also need to take care of themselves. 40% of the CISOs say that they experience \u201chigh-stress\u201d on a daily basis and 28% of them are close to burn-out (Cyber Workforce Study, ISC\u00b2). Tough to take care of people if you don\u2019t take care of yourself first\u2026<\/p>\n To avoid this, CISOs need to build a trusted relationship with their top management in order to be able to define the strategic objectives, prioritize the activities, obtain the resources, etc. And it is essential to know how to surround themselves with reliable individuals to delegate tasks and create an effective operational strategy.<\/p>\n Recruiting is just the beginning of the journey; nurturing is the ultimate goal.<\/strong> Nevertheless, organisations tend to forget (neglect<\/em>) this last, but perhaps most important point. It\u2019s like getting an ISO 27001 certification, quite easy (of course, it requires work!) but maintaining it, is the real deal.<\/p>\n In order to provide perspectives for team members, we need to establish career paths with their \u201cpathways\u201d and the means available to evolve on these paths: skills required per job and key milestones, training catalogue, internal mobilities, personalized evaluation process, etc.<\/p>\n Nurturing your talents means helping them to develop and strengthen their skills\/capabilities through trainings<\/strong>, teamwork with colleagues or with cyber associations, giving them perspective<\/strong> of evolution\/growth within your company. As a human-being, we need to know where we stand and where we are going, we need a vision to get us moving (in our life #existentialcrises).<\/p>\n If we take the example of the Maslow\u2019s hierarchy of needs, people need to have a sense of belonging and feel that they are useful. Thus, part of nurturing talents also means creating a \u201cteam spirit\u201d<\/strong> via rituals. It is not a secret that a friendly work environment\/atmosphere is a crucial criterion when choosing a job and can increase people\u2019 productivity by 12% (University of Warwick, UK), especially for young people nowadays.<\/p>\n Giving perspective of growth\/evolution is essential, especially for experts. Many organizations still view management as the only path to success, but in certain sectors like industry, we can observe a shift. Expertise is increasingly valued as an alternative success route to management; some may combine both, but it is not a necessity. Therefore, expertise circles are key to give recognition to experts in and outside of their organisations – give them the opportunity to attend specific cyber events that can also enables them to grow their network and acquire more skills.<\/p>\n In a nutshell, attracting and nurturing talents take time, and talent recruitment emerges as a pivotal element in corporate strategies. By embracing diversity and promoting gender convergence, we venture into new dimensions to build robust, thoughtful, and resilient teams.<\/p>\n We aim to open the cyber field to those unfamiliar, fostering diversity, and creating vocations. Let’s reach out to people; and let’s not wait for them to come to us.<\/p>\n \u00a0<\/em><\/strong><\/p>\n We have created a benchmark tool to explore this multi-faceted topic (along with the ongoing research) and assess organisation\u2019s maturity. Reach out to us if you would like to be part of it! We would be very delighted to share with you the good ideas we have collected on the market\u2026 and the traps to avoid.<\/p>\n Unicorns <\/strong>(don\u2019t misunderstand me, I am not talking about start-ups), Purple Squirrels, Ninja, Rockstars, don\u2019t exist but if we combine diverse profiles, we can get this highly qualified team! <\/strong>😎<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":" \u201cTalent shortage\u201d, \u201cskills gap\u201d, \u201cemployee burnout in cybersecurity\u201d, \u201chigh turnover rate\u201d \u2013 as a cybersecurity professional, you must be familiar with these expressions, for better or for worse. You may have seen the big headlines pointing out talent shortage issues…<\/p>\n","protected":false},"author":1368,"featured_media":22110,"comment_status":"open","ping_status":"closed","sticky":true,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3270,3977],"tags":[4331],"coauthors":[3505,4330],"class_list":["post-22115","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberrisk-management-strategy-en","category-focus","tag-talent-management-2"],"acf":[],"yoast_head":"\nTake a moment to analyse the strengths and weaknesses of your team to identify the complementary skills and competencies you need to look for\u2026<\/strong><\/h2>\n
Fueling Team Today, Attracting Tomorrow: The recipe for Sustained Cyber Teams<\/strong><\/h2>\n
\n
\n
Mastering the art of taking care of your people<\/strong><\/h2>\n