Recruiting and retaining diverse cloud security talentEsteban Hernandez, security specialist at Amazon Web Services (AWS), discusses how organisations can recruit and retain diverse cloud security talent
The pandemic shed fresh light on technology and, by extension, the cyber security skills gap and the need to reskill displaced workers across EMEA. In fact, recent research by (ISC)² has suggested the global cyber security workforce needs to grow by 145% just to close the gap. This is no small margin, and as competition for talent grows, organisations must reassess their approaches to recruiting and retaining top security talent. In part, this comes down to adopting bold new recruitment, while also moving to the cloud.
But there is no simple solution or quick fix. Finding and retaining talent means investing in the right technology and nurturing talent from a broad range of backgrounds – both inside and outside of the organisation. Particularly in a sector such as cyber security, having a diverse team improves the ability to troubleshoot problems quickly, providing different perspectives, problem-solving skills, and creative ideas. In this article, we explore the cyber security talent shortage we are facing, and how and why businesses need to rethink their approach to recruiting and retaining talent.
Securing against Covid-19 disruption and the importance of diversity and inclusion in security
The skills gap is growing
The tech sector is making strides to close the skills gap, but it can feel like an exclusive and inaccessible club. For instance, women make up just 19% of tech workers (Tech Nation) and, of this, only 24% of the current cyber security workforce according to the (ISC)². The situation gets even more concerning when we look at minority groups. For example, people from a Black, Asian and minority ethnic background (BAME) represent just four percent of the tech industry, according to statistics from a Tech Nation and Royal Society report.
Furthermore, recent research by BCS, The Chartered Institute for IT, found that only 9% of BAME IT specialists were directors. In comparison, 32% described themselves as a manager or supervisor, compared to 43% of their white counterparts. It’s clear that we have a long way to go to address the inequality within our industry to create a workforce in both IT and cyber security that is diverse and inclusive. To achieve this, businesses need to rethink their strategies for recruitment, retraining and retention. It requires a bold approach and a crucial part of this is being honest with themselves on where there’s room for improvement and actively taking steps to affect change.
Inspiring a new cyber security workforce
The first step to encouraging more diversity within the cyber security workforce is representation. Businesses need to look at their teams and collaborate with their community and industry to create a platform that will inspire individuals into industries they may not have considered before. For example, company representatives at events act as role models, and their individual passion can be a strong inspiration and draw for a wide range of candidates. For this reason, it’s vital that security and cloud teams – and in particular members from diverse backgrounds – have a voice on traditional media and social platforms. Diverse voices should be seen and heard in newspapers, on corporate blogs, and in broadcast, where they can share insight into their careers and expertise, encouraging new talent to join the industry and their business specifically.
Similarly, mentorship programmes help businesses to attract and retain talent. For those moving into the industry, changing companies, or transitioning into a new role, having a mentor provides support, the comfort of representation, and showcases their achievements. However, in order for mentorship schemes to succeed, businesses must apply a gender and diversity lens. 48% of women feel a lack of female mentors is one of the biggest barriers they face in the workplace, according to ISACA. To encourage these women, and other underrepresented individuals, to stay in security and cloud careers, we must provide them with relatable role models and champions.
Women in IT Global Summit: Jumping the big tech hurdles
Invest in existing and potential employees
In addition to using mentoring programmes to grow their employees and encourage greater inclusion, businesses must implement rigorous training programmes designed to nurture and develop the talent they already have. This is crucial when looking to fill positions that have a limited talent pool. For example, two-thirds (64%) of cyber firms have faced problems with technical cyber security skills gaps, either among existing staff or among job applicants, according to the UK cyber security labour report. By identifying and training existing staff, hard to fill positions are filled easily at lower cost, and businesses can ensure that they are inspiring and investing in the talent within.
Doing so delivers numerous benefits to both employer and employee. On a practical level, the employee is empowered to become comfortable and competent with new technology and feel part of an organisation that invests in talent and commits to inclusion. This keeps staff engaged and gives them the ability to grow, feel secure in their progression, and increases retention. Meanwhile, the business avoids recruiting fees, potentially the inability to find staff externally and most importantly, can create a culture that has diversity, inclusion and employees growth at its core.
A diverse and inclusive future
It’s unquestionable that businesses can fill the skills gap; boosting attraction and retention of staff through cloud technology training programmes, nurturing employees from a diverse range of backgrounds via mentorship schemes, and connecting with potential candidates at security and cloud events and education institutions. It’s these bold strategies and commitments to equality that will distinguish themselves from competitors. As a business, we are working with our customers, partners, and organisations, to focus on diversity and inclusion at every step of the recruitment and talent process.
Fundamentally, we believe that technology should be built in an inclusive, diverse, and equitable way, and we have a responsibility to make that happen. Because it’s only when barriers are broken, doors are opened, and more seats are pulled up to the table, we can recruit and retain the best cyber security talent and create an equal culture.