As cyber attacks continue to grow in frequency and scale, demand for qualified professionals far outweighs supply, fueling a fiercely competitive talent war. Amplified by the pandemic, this worldwide cybersecurity talent shortage has far-reaching implications for organizations’ ability to protect against evolving threats. We asked CyberArk Chief Human Resources Officer Ruth Shaked to share her perspectives on ways to address this growing challenge.
Prioritize Your People’s Priorities
“Where, when, how and even why people work has changed. To protect and grow your organization’s greatest asset — your team — and remain competitive, your cultural practices must change too,” Shaked says. In a word, they’ve got to get flexible. This is true for cybersecurity professionals and knowledge workers across industries and functions.
A 2021 Microsoft survey of more than 30,000 workers in 31 countries found 70% of people want flexible remote work options to continue, while over 65% are craving more in-person time with their teams. Bottom line: people want options, and hybrid work is here to stay.
The same study found 39% of employees feel exhausted. And in the fast-paced world of cybersecurity, these burnout rates are even higher: according to a 2020/2021 Chartered Institute of Information Security (CIIS) State of the Profession report, 54% of cybersecurity professionals admitted they had either left a job due to overwork or burnout or have worked with someone who has. To reverse this trend, flexible work models must not only take employees’ physical wellbeing into account but also their mental health and social and intellectual well-being.
The way employees “climb the corporate ladder” is also shifting away from a linear approach that can limit the development of new skills, exposure to diverse ideas and meaningful contribution opportunities. Corporate structures are moving toward more flexible “lattice” models that support mobility in multiple directions and across various functional areas within the organization, better reflect workers’ priorities and values, and bolster employee satisfaction and retention.
Focusing on your people’s priorities is not only the right thing to do; it’s also good for business. “Happy, healthy employees provide best-in-class service, deliver greater innovation and ultimately drive success,” Shaked says.
“Where, when, how and even why people work has changed. To protect and grow your organization’s greatest asset — your team — and remain competitive, your cultural practices must change too.”
– Ruth Shaked, CyberArk Chief Human Resources Officer
Give Teams the Training and Tools Needed to Succeed
While attackers continue to innovate, technology is changing at a rapid pace. “It’s no surprise that cloud security tops the list of professional development priorities for the next two years,” Shaked says, referencing a 2021 (ISC)2 Cybersecurity Workforce Study. “Closing the gap requires greater investment in training and development, while giving over-worked and over-stressed security professionals the time they need to actually take advantage of these programs,” she continues. “Intensive boot camp-style training courses are great options for people with the right aptitude, right attitude, curiosity and willingness to learn.”
One potentially overlooked way to address these gaps is by conducting cybersecurity training for non-security teams. Shaked points to CyberArk’s own internal program as an example. “One of the goals of the program is to train our developers in secure coding practices, teaching everything from threat modeling and cryptography to penetration testing. This helps to promote our security-first culture, while creating a new growth path for developers,” she says.
Technology can also play a supporting role in addressing shortages and freeing up time for workers to learn new cybersecurity skills, reskill or upskill. The same (ISC)2 workforce study found that in the next year, organizations plan to increase their use of cloud service providers (38%) and intelligence and automation for manual cybersecurity tasks (37%).
Create a Diverse and Inclusive Culture
A diverse, inclusive work environment is proven to foster innovation, inspire people, deepen engagement and ultimately, improve retention. “As competition escalates for skilled cybersecurity workers, employees both expect and seek out evidence of their employer’s commitment to workplace diversity, equity and inclusion (DE&I),” Shaked says.
Building a culture of representation and belonging is a top priority for Shaked and the entire leadership team at CyberArk, and she notes that ongoing employee communication and feedback has helped deepen their focus and drive continuous improvement. “DE&I is fundamental to our core CyberArk values — one of which is ‘We,’ which means always engaging respectfully with others and always acting as a team player.”
She continues, “We’ve rolled out a global employee diversity training program built on three core pillars: authenticity, which means doing what we say we will do; accountability for enabling an inclusive culture; and awareness of inclusive behaviors, practices and processes.” As part of this, all employees participate in training courses that explore topics such as supporting allyship, overcoming unconscious bias and embracing inclusive behaviors. Other aspects of the program include formal inclusive recruiting certification for talent acquisition personnel, diversity coaching workshops for leadership teams and special initiatives tied to local and global days of diversity, such as PRIDE Month and Chinese New Year.
CyberArk’s ongoing participation in, and sponsorship of, organizations such as Partnership Inc. and TRIBE Academy reinforce the company’s commitment to hiring and celebrating employees across unique cultures, experiences, backgrounds and identities. As Shaked puts it, “Inviting people to the dance is not good enough. We need to invite everyone to dance.”
Elevate Women in Cybersecurity
One clear way to foster workplace diversity is attracting more women to cybersecurity — a field in which women have long been underrepresented. This is a topic particularly near and dear to Ruth. “We need to bring more women’s voices and perspectives to the table — especially in cybersecurity leadership positions,” she says.
Providing professional development, coaching, mentorship and network building opportunities is key to elevating women within their organizations. At CyberArk, Shaked is particularly proud of CYBRWomen, a recently launched employee resource group designed by women, for women. She explains, “CYBRWomen’s mission is to recognize and empower our incredible women here at CyberArk. This global community is a safe space to come together, support one another, promote female-driven ideas and innovation and help women achieve their professional goals.”
“Inviting people to the dance is not good enough. We need to invite everyone to dance.”
– Ruth Shaked, CyberArk Chief Human Resources Officer
Encouraging women to explore cybersecurity career paths during college is also an important step in addressing the talent shortage, Shaked notes. CyberArk’s partnership with Wentworth University to offer scholarships to women enrolled in cyber studies and other STEM careers is one initiative supporting that goal. And to attract women entering the profession or exploring new opportunities, organizations must prioritize inclusive hiring practices that consider women, along with flexible work options that promote work-life balance.
Inspire the Next Generation of Cybersecurity Leaders
Raising awareness about cybersecurity careers requires collaboration across enterprises and educational institutions, out-of-the-box thinking and an early start. For instance, researchers are teaching virtual reality-based cybersecurity lessons to K-12 students using a familiar method: video games. And speaking of familiar, TikTok — one of the world’s most popular social platforms — is working to promote content aimed at getting kids interested in cybersecurity and privacy careers. Meanwhile, cybersecurity apprenticeship and internship programs (such as those offered by CyberArk) are helping college students develop skills on the job, while supporting more diverse candidates.
“If this world fascinates you, learn as much as you can,” encourages Shaked. “When it comes to cybersecurity, the sky’s the limit. Maybe coding isn’t your thing, but there’s also a need for creative individuals looking to tackle new challenges, for those with strong communication and management skills — there are so many different paths under the cyber umbrella to choose from.” She suggests taking a spin through this National Initiative for Cybersecurity Careers and Studies (NICCS) list of cybersecurity career profiles, as well as CyberArk’s own career page, to help students and individuals considering a career change get a better understanding of their options.
As with the field of cybersecurity itself, there’s no silver bullet — no single solution — that will fix this worldwide skills shortage. But by focusing on employee empowerment and growth, DE&I-centric people practices and awareness building at critical steps along students’ educational journey, organizations can serve as powerful engines for change.