Four Things CISOs Told Us About Talent

For cybersecurity executives, the need for talent is not a new issue. There is an ongoing race to recruit skilled employees and outpace cyber criminals. At the same time, the quickly changing nature of cyber threats makes it a challenge to ensure those employees have the right skills.

According to June 2022 data from Cyberseek, cyber job postings are growing at more than twice the rate of other roles. Their study found that “demand for cybersecurity jobs increased by 43% in a 12-month period compared to a nearly 18% increase in demand across the entire employment market.”

With the current climate around recruiting — along with the stress and burnout sometimes associated with cybersecurity roles – we wanted to hear from CISOs in Evanta communities about their thoughts on finding and keeping talent.

Here, we take a look at responses to 4 questions in our recent community survey on the war for talent and how CISOs compare to their peers across the C-suite.
 

1. The shortage of skilled security workers & why

65% of CISOs said that their organizations have more open positions now than in years past. This number was a bit lower than CIOs (76%) and CHROs (75%) who reported at higher rates that they have more open positions currently than in a typical year. 

When we asked CISOs what they thought was causing the shortage, their top two responses were “the supply and demand for workers are out of balance” (60%) and “it’s part of the evolution of how employers and employees are adapting to the new world of work” (57%). 

Other comments from CISOs about causes of the talent shortage included “recent increased local competition of the available workforce” and “professionals with required cybersecurity skills are rare talents.”

2. A structural issue, not a temporary one?

48% of CISOs thought that the shortage of skilled workers would “remain this way for the foreseeable future,” suggesting that almost half believe that this is not a trend or temporary situation. 28% of security leaders also reported that they thought this talent issue would last for “12 months or more.” 

On this topic, CISOs are more closely aligned with CIOs than their other C-suite counterparts. 40% of senior IT leaders also think the talent shortage will remain this way for the foreseeable future. It could be that the rapidly changing nature of technology and security have already exposed those leaders to the gaps in finding workers to meet their needs.  
 

3. The impact of a recession

When asked if it would still be hard to find talent if a recession were declared, 72% of security leaders said yes, 17% said they weren’t sure, and 11% said no. This again suggests that they see a structural problem in finding security workers, rather than an issue that ebbs and flows with the economy and other factors, like the Great Resignation.

One CISO commented: “Well-trained, seasoned security professionals will only see continued demand. Should a recession be confirmed, it will be even more critical to protect organizations as people become desperate and criminals more brazen.” 

4. Recruiting & retaining cybersecurity employees

59% of CISOs reported in our survey that recruiting and retaining employees are equally challenging right now. Their strategies are similar for both activities — with culture, flexibility and compensation serving as the cornerstones.

The top 3 tactics by far for recruiting new employees are promoting company culture and employee engagement (82%), offering remote or flexible working arrangements (81%), and offering competitive compensation and benefits (69%). 

Flexibility jumps to the number one tactic for retaining current employees, with 70% of CISOs reporting that they are using it as part of their strategy. Company culture remains in the top 3 with 68% of CISOs saying it is a key component of retention, and then reviewing compensation and benefits packages comes in third with 65% of security leaders reporting it as a tactic.

Generally, CISOs were already talking about talent before this year and any trend reported comes as no surprise to them. These are some of their comments in the survey:

My perspective is that we collectively should focus on growing new talent rather than fighting over existing talent.”

For cybersecurity talent specifically, the pipeline is not keeping up with the demand, and too many organizations are unable or unwilling to take on junior level graduates with no experience and mentor them up.”

Flexible work practices and alignment with a clear purpose seem to have increased in importance to candidates compared to compensation and titles.”

To read more about the survey results, check out the infographic, or you can find opportunities to join your peers in an upcoming discussion on topics like talent and other top priorities for CISOs.