Cybersecurity Upskilling and Reskilling: Future Cyber Pros May Be Working in Other Areas of Your Company Right Now
- July 1, 2022
- Roy Zur, CEO of ThriveDX's Enterprise Division
At ThriveDX SaaS, our main goal is to solve two major challenges in the cybersecurity field: the talent shortage and the skills gap. One approach is to have a solid cybersecurity upskilling and reskilling strategy in place.
We consider the talent shortage to be the lack of qualified cybersecurity talent – a shortage of people with a solid background in cybersecurity.
This differs from the skills gap, which creates the need for continuing education and training to enable cyber security-savvy talent to keep up with ever-evolving cybersecurity threats.
Reportedly, Cybercrime Magazine states there are currently four million unfilled jobs in cybersecurity and companies worldwide are struggling to hire the right people because there’s just not enough talent in the job market.
Cybersecurity Upskilling and Reskilling Opportunities
Josh Bersin, a UC Berkeley board member and trusted advisor to Fortune 500 Companies, states that in the U.S. market alone, half a million people are needed for cybersecurity roles.
But that’s not all. About 80,000 of these roles are entry-level positions. So, right now, in the United States, there are opportunities for 80,000 people to get hired in cybersecurity, with thousands of companies struggling to find personnel.
Josh Bersin also mentions:
The global market for cybersecurity professionals today is 744,000 openings. In the next five years, Microsoft and LinkedIn believe this number will grow to 6.38 million openings. That’s a growth of 750% over five years! Some believe there is not another job category growing at this rate.
Additionally, Security Boulevard reports that by 2025, the global costs of cybercrimes are estimated to hit $10 trillion, and Accenture states there has been a 435% increase in ransomware since 2020. Clearly, we can no longer afford talent gaps and unfilled positions.
At the same time, it’s not just about bringing more people into the industry. A big part of the issue is how we solve the problems of corporations and governments that already have their existing employees and cybersecurity skills.
People working for different enterprises or government agencies require some level of cybersecurity training and skills – whether it is a companywide approach to security awareness, developers that need application security training, or IP and security people that require ongoing training.
In other words, someone filling a cybersecurity role doesn’t necessarily qualify them to prevent and counteract the ever-evolving cybersecurity threats effectively.
What can a leader like you, who is responsible for preventing cybersecurity threats, do about this?
You create the vision for your cybersecurity action plan, from the software you use to the talent that keeps your organization safe. This includes repurposing, upskilling and reskilling employees in other organizations to be a cybersecurity experts.
Why would you want to do this, you may ask? It is costly when employees quit.
In fact, according to Gallup, it can cost a company 1.5 times an employee’s salary when that employee quits.
Imagine if 10 employees making $100k quit; that’s (1.5) x (100,000) x 10, or $1.5 million an organization loses from attrition.
Even worse, the more senior the employee, the more expensive it gets — with Directors and above costing five times their salary if they leave.
Instead, imagine upskilling and reskilling some of those flight-risk employees and offering them a new role that will be both engaging and rewarding.
Again, according to Josh Bersin and his extensive data on the topic, there is hope. Many employees from other career paths actually do transition into cybersecurity.
As you can see, it’s not just employees in other IT roles who migrate into cybersecurity, but also workers from less obvious departments like Forecasting, Strategic Planning, Business Systems, Change Management, Accounting, and Operations Management.
And if you don’t have the talent from other departments willing to train in cybersecurity, you can always work with your Human Resources team to look into which degrees your employees hold.
Below are some of the different degrees that transition into cybersecurity careers:
You might be thinking: How do I actually make this work in my organization?
Once you know who they are and what kind of cybersecurity upskilling and reskilling they need, it is comparatively easy to bring in a team to retrain your current workforce.
But how do you shortlist your current employees with the potential to become security experts? How can you even gauge interest?
As it turns out, there are methods recommended by talent management and retention experts alike.
4 Steps to Start Cybersecurity Upskilling and Reskilling
Of course, you could just send out a companywide email to see if anyone is willing to consider cybersecurity training to be reskilled and take on these positions.
But for optimal results, you should work with your HR Department – preferably with someone in Talent Management.
Ask them to compile a list of all the employees who pose a flight risk (job-related), based primarily on the following factors:
- Their compensation level, and whether it is competitive in the industry.
- Their performance review rating (a low rating is not necessarily disqualifying…in fact it could indicate current role is a poor fit. They may actually be an ideal candidate for cybersecurity).
- If their current team is experiencing high turnover, they may be next. He or she may flourish under new management in a cybersecurity role.
- Whether they’ve done any recent learning and development training- if they haven’t, it means they’re not as engaged in their current position.
Once you identify these employees, send them customized emails to gauge interest in a career change with job advancement potential.
Just imagine the benefits of reassigning even one percent of those flight-likely employees to cybersecurity roles. You would simultaneously cut your security costs, reduce your attrition expenses, and fortify your organization by plugging its yawning cybersecurity gaps.
This might even lead to getting more headcount budget by demonstrating how much money you’re saving the company by sidestepping attrition expenses. When you lay this all out, HR might likely show interest by funding a cybersecurity reskilling budget.
If you need more ammunition to make the re-skilling case, Infosecurity Magazine projects:
Worldwide, 80% of organizations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and/or awareness.
At ThriveDX, we help you re-skill employees to add those saved expenses back to your bottom line. If you’re interested in learning more about how ThriveDX solutions can be customized for your business, we’d be happy to discuss in further detail.
Roy Zur is the CEO of ThriveDX’s Enterprise Division and founder of Cybint Solutions (acquired by ThriveDX in 2021). His background in cybersecurity and intelligence stems from his time as a Major in the Israeli Defense Forces, Cyber Unit 8200. Zur has more than 15 years of experience in developing cybersecurity training and education for organizations globally. Zur also serves as an adjunct professor of risk management in cybersecurity for the MBA-AI program at Reichman University, and is the founder and chairman of The Israeli Institute for Policy and Legislation non-profit.
Protect Your Organization from Phishing
Explore More Resources
- Article, Blog
- Article, Blog
- Article, Blog
- Article, Blog
Your Trusted Source for Cyber Education
Sign up for ThriveDX's quarterly newsletter to receive information on the latest cybersecurity trends, expert takes, security news, and free resources.
