How CIOs Can Hire People With Cybersecurity Skills

CIOs need to find a way to solve the shortage of skilled security workers
CIOs need to find a way to solve the shortage of skilled security workers
Image Credit: Merrill College of Journalism Press Releases

As your company’s CIO you have a responsibility to make sure that the IT department is staffed with the skilled workers that it will need in order to remain both competitive and secure. Among other things, this means that because of the importance of information technology you are going to have to hire the cybersecurity experts that you’ll need in order to keep the bad guys out. However, this is where CIOs are starting to run into problems. It turns out that there simply are not enough cybersecurity experts out there. This is creating real problems for CIOs. What should we do about this?

New Ideas About How To Get More Cybersecurity Workers

One of the reasons that CIOs are facing such a problem when it comes to getting the cybersecurity staff that they need has to do with numbers. A survey of the U.S. job market has revealed that there are currently 300,000 cybersecurity jobs that are going unfilled. If you take a look world wide, this number grows to over 1.8 million jobs that will be unfilled by 2020. Clearly this means that CIOs are going to be competing with each other to attempt to attract what few workers there are to fill the open positions within their company.

CIOs are going to have to come up with ways to convince more people that a career in cybersecurity is one that will pay off for them. The good news is that a lot of CIOs are spending time thinking about this problem. The challenge is that there is no one clear answer that will create a solution that everyone can live with. What has happened is that a general trend has started to show up and appears to be pointing the way towards a set of solutions that could help to solve this problem. The first part of a solution that would help to fill the cybersecurity gap is to find ways to attract more people to this field. The next part of the solution is to find ways to go about training the people who do enter the field faster.

CIOs who have taken a careful look at the types of cybersecurity talent that they currently have available to them are starting to realize that at least part of the problem is that there is a lack of a focused pipeline of qualified talent entering into the cybersecurity field. What this means for CIOs is that they are going to have to come up with ways to go about training more cybersecurity professionals. Something else that needs to happen is that organizations that traditionally can’t afford to hire cybersecurity professionals need to find a way to have cybersecurity professionals come and work for them.

There may be a solution to both of these challenges. A “Cybersecurity Peace Corps” has been proposed. The thinking is to create a cybersecurity organization that would be modeled on the U.S. Peace Corps program. The program would place workers at nonprofit firms and with other organizations that traditionally could not afford to have them. Their salaries and training would all be paid for by the government. This plan would provide assistance to a number of firms who don’t have the financial resources to hire a cybersecurity professional. At the same time it would be helping to build out the cybersecurity pipeline for other businesses.

Incentives To Get People To Commit

There are other proposals for how the cybersecurity pipeline could be filled. One alternative proposal is to create what is being called a cybersecurity ROTC program. Students who signed up to participate in this program could attend college tuition free in exchange for them agreeing to go to work for the government for a fixed number of years after college. The power of this approach is that it could make getting a career in cybersecurity a reality for students who would otherwise see that as being something that was financially out of reach for them.

Something that all CIOs need to realize is that if the correct set of financial incentives were in place, companies would be motivated to find ways to fill the cybersecurity pipeline themselves. One such bill that was introduced in Congress proposed to establish tax breaks for companies that set up cybersecurity training programs. These programs would prepare students to receive certifications in cybersecurity that they could not traditionally earn in a college setting. There are other bills being considered that could both enlarge the workforce and boost the available training.

One powerful tool that is being considered as a way to attract more students to the cybersecurity field is to offer them student loan debt relief. One such bill would cancel as much as US$25,000 worth of student loans for students who were willing to work at a cybersecurity job for an organization that needed them for at least a year. At the same time there are bills that propose to offer firms tax credits of up to $5,000 per employee when they support the training of students who get cybersecurity academic degrees or cybersecurity certifications. Firms that participated in these programs would also be at an advantage when competing for government contracts.

What All Of This Means For You

The person with the CIO job is responsible for many different parts of the company’s IT department. One of the most critical responsibilities that the person in the CIO position has to deal with is how to keep the company’s networks and data secure. To do this, the company needs to have enough cybersecurity professionals on staff to stay on top of the constantly evolving threats. The problem that this creates for CIOs is that there don’t seem to be enough people out there with cybersecurity skills. What will they have to do?

One of the first things that CIOs need to understand is that there are currently many more cybersecurity jobs than there are qualified candidates. In order to start to solve this problem, CIOs need to come up with ways to attract more people to the cybersecurity field and then train them faster when they show up. Currently the pipeline of potential cybersecurity workers is not full enough. One possible solution to this problem is to create a type of “Cybersecurity Peace Corps” to train new workers. Another approach is to create a ROTC program where college tuition would be paid for when a student agreed to work for the government after getting out of college. Financial incentives are another way to start to fill the cybersecurity worker pipeline: workers could have student loans forgiven and companies could receive tax credits for training workers in the cybersecurity field.

The one thing that I think that we can all agree on is that the threats to our networks keep growing in size and complexity. In order to keep our companies safe, CIOs need to have a large pool of cybersecurity experts to hire from. Right now that does not exist and so we need to take steps to create more good candidates. If we move quickly, then we’ll have the workers that we need when we need them.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: Do you think that raising the salary of cybersecurity workers would attract more people to the field?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.


P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

CIOs have known for a long time that their firms are under assault from outside forces. Your company has developed a vast warehouse of valuable information that outsiders would love to be able to get their hands on. As the company’s CIO it is your job to prevent this from happening. However, in order to perform this task successfully you are going to have to make sure that you are aware both of the threats that you are facing as well as the ways that you can defend yourself.