While AI has been dominating the headlines in cyber circles throughout 2023, another less glamorous topic is just as acute: the cybersecurity talent shortage. We’ve covered this topic in the past, but the challenge continues.
In the 2022 Cybersecurity Workforce Study by non-profit ISC2, highlighting the global shortage of cybersecurity workers widened by 26.2 percent to 3.42 million. Forbes also weighed in last week on the crisis, saying that the talent gap is impacting risk assessment, oversight, and strategic planning. Cybersecurity leaders said it had affected their ability to keep up in such a dynamic environment.
For managed service providers (MSPs), talent shortages can be an opportunity. Yet even they are faced with the challenge of keeping their own staffing up. Carl Kramer, a Los Angeles tech staffing specialist, tells SmarterMSP that MSPs can help bridge the gap, but they are feeling the talent shortage too. “Companies that can’t find talent to hire in-house are turning to MSPs, but MSPs are in the same scramble for talent,” he says.
Human resources and technology are of equal importance
To excel the business, MSPs should treat human resources the same as they would firewalls and patching. “MSPs that can find and retain the talent are going to be in the driver’s seat for years to come, but those who can’t, will be severely disadvantaged,” warns Kramer.
This means that MSPs must put their best foot forward when hiring. “You can’t just have someone check some boxes and put a few references down. You need to `connect’ with the people you are hiring,” he advises. “You have to make ABC MSP stand out from Ralph’s MSP.”
Kramer offers some tips explaining that we all know about competitive pay, but it goes beyond that. “You can pay what you can, but sometimes it is the intangibles that can make the difference,” he says. Kramer also gives an edge to MSPs in the heartland. “Let’s face it, a salary in Wichita will go much farther than the same salary in Boston or San Francisco.”
Get ahead of the talent shortage problem
So, what can MSPs do to put themselves in the pole position regarding cyber talent? Kramer offers these suggestions:
Create a positive work environment: This means having a culture that is supportive, collaborative, and fun. It also means providing employees with opportunities for growth and development. “It sounds silly, but if your MSP is in Fargo, North Dakota, `beach day’ might be fun where everyone shows up to work with inflatable sharks and rafts,” Kramer offers. The work of cybersecurity is serious but balancing it with some levity can help blunt burn-out.
Empower employees: Give employees the autonomy to make decisions and take ownership of their work. “No engineer wants to be out in the field and be overruled by someone in a central office. Make field personnel part of your company’s decision-making chain. After all, they are closest to the action,” Kramer says.
Provide opportunities for learning and development: The IT industry is constantly changing, so MSPS needs to provide employees with opportunities to learn new skills and stay up to date on the latest technologies. “It can be expensive but invest in your talent by paying for courses or college, and you’ll recoup that 5-fold,” he recommends.
Company culture: “This is the big one,” Kramer shares. “And if you can’t define your company culture in a single sentence, that is a problem. You have to give an engineer a reason to come to you.” If your MSPs are known for being steeped in integrity and for deeply valuing their workers, that gives you an edge. He added, “But you can’t fake a culture; either you have it, or you don’t.”
Partner with local colleges and universities: Kramer points out there is a vast untapped talent pool in these places, and forming alliances earlier can create a talent pipeline and give MSPs a chance to establish their brand early. “Even down the high school level, MSPs should be exploring building relationships,” he says.
Meanwhile, help might be on the way in the form of Cyber Million, a global effort launched by staffing giant Accenture and Immersive Labs to fill one million cybersecurity jobs over the next decade. According to press releases about Cyber Million:
Unlike legacy hiring modes, the program will take a practical, evidence-based, skills-first approach to recruiting. Anyone over the age of 16 will be able to register for the program and complete a series of curated hands-on exercises and labs that match the skill set requirements of open roles. Once candidates successfully complete these labs, skilled individuals may apply to open employment partner roles. The program is designed to be flexible, allowing candidates to complete courses at their own pace. “Cybersecurity talent is everywhere, and it can be developed if those eager to learn are given the opportunity, whether or not they come from a technical background,” said Robert Boyce.
Until then, MSPs should get out those inflatable sharks and stress company culture.
Photo: Barriography / Shutterstock