Industry is in "fear, uncertainty and doubt mode" about the security talent market, said Sam Olyaei, director analyst of Gartner, on Monday at the Gartner Security and Risk Management Summit in National Harbor, Maryland. One-sided statistics highlight the talent gap and separate companies from what they can control: readiness, investment, strategy and processes.
A majority of businesses, 61%, struggled to hire security professionals, a difficulty influenced by narrow job descriptions and a lack of role standardization, according to Olyaei. A security engineer at one company is a security architect at another.
Rethinking job postings, with close attention to job titles and requirements and with certifications listed as preferred rather than mandatory, will make the hiring process more fluid, he said. Job postings should focus on leading and adaptation, rather than terminology specific to information security.
Cybersecurity talent is in high demand — there are more than 310,000 open infosec jobs in the U.S., Cyber Seek data shows.
Roles change over time and competitive salaries lure candidates. But those open roles can arise from a lack of clarity. Almost half of organizations struggle to find talent because they don't know what skills they need, Olyaei said.
Understanding what talent a company needs requires a robust security operation with visibility on current and emerging threats. But it can also serve as a recruiting tactic.
Across sectors, the industries that hoard the most talent are insurance, banking and consumer products, according to Olyaei. It is not resources that make their security talent rosters advanced (though bank technology budgets are staggering). Nor is it compliance fears that push security program development.
Instead, talent is attracted to those sectors because of how advanced their security programs are, Olyaei said.
With security, businesses have to start somewhere. Digital technologies have sparked a mindset shift, and as security teams work to grow capabilities, they have to rethink what's possible and with what talent.
Relying on traditional talent recruitment — such as recruiters, LinkedIn or Indeed — will keep companies narrowly focused on the same pool of candidates they already struggle to hire. An alternative is to revamp candidate expectations and hire those who can grow skills over time.