There is a general acceptance that there is a global security skills gap, almost three million security professionals according to (ISC), and expected to grow over the coming years, writes Prabashni Naidoo, Director at Amazon Web Services South Africa.
As competition for talent grows, it is more important than ever organisations reassess their approaches to recruiting and retaining top tech talent and look for new ways to secure their organisations, a growing trend is to move to the cloud. The key to retaining talent is opting for bold strategies that focus on investing in the right technology, nurturing talent, both inside and outside of the organisation, and not expecting the right people to come knocking at your door. We explore four ways to find and retain security talent.
Open the door to the tech industry
For those on the outside, the tech industry can feel like an exclusive and inaccessible club. If we encourage more people to consider careers in security and cloud computing, and feed the talent pipeline, businesses must proactively go out and offer to train potential employees from a diverse range of backgrounds.
This should include actively recruiting all races, religions, nationalities, ages, and sexual orientations. Having business strategists and specialists in cloud security attend conferences, workshops and hackathons, for school and university students, is key to bridging the gap between companies and future candidates.
Events such as Securex and Africacom are brilliant for engaging a new generation of enthusiasts, but events designed to increase diversity, for instance Women in Tech Africa, are particularly valuable. However, companies must remember that they will only have people to inspire at these events if they increase accessibility by lowering entry costs – as several are currently prohibitively expensive.
Lead by example
Company representatives at events act as role models and their individual passion can be a strong inspiration and draw for candidates. For this reason, it’s vital that security and cloud teams have a voice on traditional media and social platforms, from newspapers to corporate blogs, where they can share insight into their careers and expertise, encouraging new talent to join the industry and their business specifically.
In a similar way, mentorship programmes help businesses to attract and retain talent. For those moving into the industry, changing companies, or transitioning into a new role, having a mentor provides support, the comfort of representation, and showcases their achievements.
However, in order for mentorship schemes to succeed, businesses must apply a gender and diversity lens. Forty eight per cent of women feel a lack of female mentors is one of the biggest barriers they face in the workplace, according to ISACA. To encourage these women to stay in security and cloud careers, we must provide them with the relatable role models and champions.
Invest in existing and potential employees
In addition to using mentoring programmes to grow their employees, businesses should implement rigorous training programmes designed to nurture and develop the talent they already have. Doing so delivers numerous benefits to both employer and employee. Firstly, on a practical level, the employee is empowered to become comfortable and competent with new technology, such as cloud, introduced to improve their companies’ cyber defences.
This training will enhance the businesses security, while enabling staff to offload undifferentiated heavy lifting so they can focus on the more interesting aspects of cybersecurity. This keeps staff engaged and gives them the ability to advance, increasing retention. Meanwhile, the business avoids recruiting fees and potentially the inability to find staff externally.
This approach is particularly valuable when hiring for positions that have a limited talent pool. For example, security/risk management professionals are the second hardest IT employees to find, according to research by CIO magazine. By identifying and training existing staff, hard to fill positions are filled relatively easily at lower cost. M&S has done just this, but taken it a step further, with its data academy and data fellowship.
Both programmes teach employees, who are currently employed in everyday retail functions, about emerging technologies and data analytics tools. This enables them to attain a data analytics qualification accredited by the British Computing Society and migrate to other areas of the business. Security and cloud are areas where businesses may want to take a similar approach.
Beyond providing internal training, businesses should endeavour to upskill the wider population, focusing on those who are enthusiastic and committed to pursuing digital positions. We’ve done exactly this at AWS with the re:Start training and job placement programme. re:Start educates young adults, as well as military veterans and reservists, on the latest software development, cybersecurity trends and cloud computing technologies, helping individuals of all skill levels develop their capabilities.
The training includes an overview of Security in the Cloud and training for AWS Security, Identity, and Access Management. It is also accompanied by work placements which will help AWS address its need for more skilled staff in cloud computing.
Increasing retention with cloud security and tailored benefits
Once organisations have a solid security team in place, retention becomes a critical issue. Key to this is providing job roles that are interesting and varied. However, this is challenging with many security professionals currently bogged down updating, patching, auditing; working to ensure that IT environments are protected, resilient and compliant.
This leaves them with little time to focus on the higher value, strategic thinking around security. Transitioning to the cloud can help here; the best cloud platforms take on and automate the heavy lifting, helping organisations retain security experts and let them focus on more interesting aspects of cybersecurity.
The opportunity for career growth is also an incentive for employees to remain loyal to an organisation. However, pay alone is not enough to attract and retain the best talent. In today’s market, businesses need to think about their benefits package holistically; balancing career advancement opportunities with lifestyle perks tailored to individual employees’ priorities. For instance, allowing staff to choose between a range of benefits such as childcare, healthcare and flexible working. Finally, regularly seek feedback from employees on the benefits offered and tailor accordingly.
It’s debatable whether we’re really facing a security skills gap or whether companies are missing the opportunity to train to develop potential and current employees’ skills. Either way, it’s unquestionable that businesses can fill the skills gap; boosting attraction and retention of staff through cloud technology training programmes, nurturing employees via mentorship schemes, and connecting with potential candidates at security and cloud events and education institutions. Combined with offering tailored benefits, businesses who follow this approach will distinguish themselves from competitors and successfully stock the talent pipeline.
 A report by non-profit association (ISC)² has revealed that the worldwide cyber security skills gap currently stands at almost three million, exposing a serious shortage of talent working in the IT security sector.