The cybersecurity talent shortage in the workforce presents a direct cybersecurity threat. Statistics from the National Institute of Standards and Technology (NIST) paint a grim picture:
By 2025, a lack of talent or human failure will be responsible for over half of significant cybersecurity incidents. There is currently a global shortage of 3.4 million cybersecurity professionals.
According to NIST, some of the most acute shortages include:
- Cloud security
- Cyberthreat intelligence
- Malware analysis
The cybersecurity shortage has hit managed service providers (MSPs) especially hard. Skilled security engineers are needed to perform many front-line functions.
MSPs must focus on upskilling and career growth opportunities
SmarterMSP.com reached out to a cross-section of industry experts to get their thoughts on how MSPs can best deal with filling the talent gap. While a 4-year degree from an accredited college used to be seen as the gold standard when hiring, experts now say that to combat the shortage, HR needs to look beyond the degree.
Vit Koval, co-founder at tech talent acquisition firm Globy, says that to attract cybersecurity talent in the face of a shortage, MSPs must offer competitive compensation packages and highlight career growth and development opportunities.
“Emphasizing the importance of protecting sensitive data and providing a supportive work environment can also be appealing,” Koval states. He says a college degree is less critical than skills and experience. “While a 4-year degree can be beneficial, practical experience, certifications, and demonstrated skills often weigh more heavily in this field.”
He goes on to explain that MSPs can better address the talent shortage by investing in training programs to upskill existing employees or hiring individuals from non-traditional backgrounds. This includes boot camps or vocational programs.
“Establishing partnerships with educational institutions to cultivate talent pipelines and offering mentorship programs can help attract and retain skilled professionals,” voices Koval, adding that creating a solid company culture centered around collaboration and innovation can make the organization more attractive to prospective candidates.
Passion for technology outweighs a formal education
Darian Shimy, Founder and CEO of FutureFund, which operates technology platforms for schools, agrees with Koval. The four-year degree is less crucial than it used to be. “While traditional education has its merits, the dynamic nature of cybersecurity means that practical experience, certifications, and a passion for technology often outweigh a formal degree,” he says. “In my roles across the tech sector, from Square to Weebly, I’ve seen brilliant minds without traditional degrees drive significant innovations.”
Shimy adds that MSPs should value diverse educational backgrounds and focus on skills-based hiring, recognizing that talent can come from unconventional paths, explaining that “Offering apprenticeships or partnering with coding boot camps can be a strategic move to discover and develop cybersecurity talent.”
He goes on to say that traditional recruiting strategies aren’t sufficient anymore. He notes that “Building partnerships with educational institutions and offering internships can create a pipeline of emerging talent. Investing in upskilling current employees can uncover hidden potential within your organization, turning IT generalists into cybersecurity specialists.”
Shimy believes that embracing remote work can broaden an MSP’s search geographically. He also believes this will enable them to tap into a global talent pool. Furthermore, he expresses that developing a strong employer brand that highlights the company’s culture, mission, and commitment to employee development can make an MSP a magnet for top talent looking for their next challenge.
Addressing the gap
MSPs can address the cybersecurity talent shortage gap by prioritizing skills and experience over degrees. Additionally, by offering competitive packages and creating supportive work environments will give them an edge when recruiting new talent. Optionally, MSPs can turn to technology to help reduce this challenge. By employing technologies such as Extended Detection & Response (XDR), MSPs can centralize visibility of attack surfaces and offset the need of in-house security analysts with SOC-as-a-Service, which is available with some XDR platforms. Whether MSPs invest in training, partner with schools, embrace diverse hiring strategies, or employ easy-to-use and manage technology, these are all key steps that can help them fill the talent gap and strengthen cybersecurity defenses.
Photo: Andrey_Popov / Shutterstock