To Find Cybersecurity Talent, Poach From Other Fields 

A substantial shortage of skilled cybersecurity professionals in the U.S. labor force makes it difficult for the government and private-sector employers to fill vacancies in these critical jobs. The federal government has made significant investments and progress in managing its cybersecurity workforce more effectively, but the short supply of talent threatens the government’s mission to safeguard the American people, our homeland and our values. To address this, the government will need to develop new sources of cybersecurity talent. 

The most promising new source is identifying new individuals who are likely to possess the aptitude to acquire new skills and the potential to succeed in a career in cybersecurity. That means identifying occupations with similar profiles of work activities and worker requirements and identifying individuals from these occupations who have the greatest potential to acquire new technical skills and succeed in cybersecurity.

The Cybersecurity Talent Gap 

Cyberattacks continue to increase in their frequency and impact, particularly since the early months of the COVID-19 pandemic. At that time, the FBI reported a 300% increase in cyber crimes as workers transitioned in vast numbers to telecommuting. The recent SolarWinds breach is a stark reminder of hackers' ingenuity, persistence and resources. In response, the Biden administration is redoubling efforts to protect and defend the nation's information infrastructure. 

For these initiatives to succeed, however, public- and private-sector organizations must successfully navigate one of the most vexing challenges in cybersecurity talent management: the cybersecurity talent gap. Specifically, there is a significant worldwide shortage of cybersecurity professionals relative to the demand for their skills and capabilities. The magnitude of the shortage is illustrated by the figures shown below.

According to CyberSeek, an initiative funded by the National Initiative for Cybersecurity Education (NICE), the United States faced a shortfall of almost 464,420 cybersecurity professionals as of July 2021.

Supply does not match the growing demand, so the supply must increase. Some organizations have already started filling the gap. When IBM recognized the need for an innovative approach to meet the demand for cybersecurity skills, it created a program for hiring people with little or no experience or skills in cybersecurity. New employees were hired with the understanding that they would become embedded within a more experienced team, including cybersecurity experts, and learn on the job as the team focused on solving one problem at a time. Combined with other initiatives, IBM has grown its cybersecurity workforce and, equally important, has addressed traditional disparities in the representation of women in these roles. 

The government can achieve the same success using this approach. To maximize the investment, it is critical to focus these programs on the people who have the greatest potential to acquire cybersecurity skills, and to ultimately perform successfully on-the-job as a cybersecurity professional within the government. 

What Are the New Sources of Talent?

A recent survey found that less than one-half of cybersecurity professionals started their careers in the field. Of those who transitioned into cybersecurity from another profession, many came from careers in mathematics, business, finance, sales and customer service, among others. Here is a simplified depiction of the cybersecurity skill profile:

There are already algorithms for identifying high-growth, high-demand occupations for which workers in low-growth, low-demand occupations may transition. These algorithms can also be used by employers to find occupations from which they could attract and recruit potentially qualified workers.

We looked at the cybersecurity profile, leveraged data from the Occupational Information Network (O*NET; www.onetonline.com), and identified the occupations listed in the table below (among others) as having profiles very similar to cybersecurity jobs. These occupations also have declining employment opportunities and a median salary that is significantly below the median salary for cybersecurity work in the federal government. There are already algorithms for identifying high-growth, high-demand occupations for which workers in low-growth, low-demand occupations may transition. These algorithms can also be used by employers to find occupations from which they could attract and recruit potentially qualified workers. 

Occupations with similar profiles to cybersecurity jobs include: electrical and electronics repairers, telecommunications and equipment installers and repairers, geographers, purchasing managers, personal financial advisers, sociologists and budget analysts.

These and other occupations may provide the best source of people to expand the cybersecurity talent pool to more closely match demand. The similarities in the job profiles make it easier for workers in one of these occupations to transition into cybersecurity than it would be to transition into a dissimilar occupation. That offers the government a previously untapped source of talent to train to become cybersecurity professionals and increase the diversity of the cybersecurity workforce. 

Before hiring these workers, the government can use commercial or government (e.g., OPM’s USA HIRE) cybersecurity aptitude assessments to help identify applicants who have the aptitude to learn cybersecurity and the potential to succeed on-the-job, minimizing the risk of hiring them and conserving limited labor and training dollars. It is a commonsense approach that presents an excellent way to fill the talent gap.

Jeffrey Neal is a principal for ChiefHRO.com.

Jeff Facteau is managing director for PDRI. 

Brian O'Connell is a Ph.D. and managing director for PDRI.