A gamified approach is needed to solve the cybersecurity skills gap; here's how recruiters can adapt to this.
This article was first published on June 12, 2023, by HR Daily Advisor, a sibling publication to HealthLeaders, and adapted for HealthLeaders.
Cybercrime is currently ranked among the top 10 global risks by the World Economic Forum and the global talent shortage in cyber stands at 3.4 million. Furthermore, many cyber leaders expect cyber risks to worsen. According to the Global Security Outlook report by the World Economic Forum, 91% of respondents said they believe a catastrophic cyber event is likely in the next two years.
As a result, Haris Pylarinos, CEO at Hack the Box, says more cybersecurity and IT professionals are upskilling themselves to stand a chance against cyber criminals. Read on to gauge Pylarinos’ insights about why a gamified approach is needed to solve the skills gap, how recruiters can adapt to this, and more.
Q: How is the game starting to change in cyber? How can recruiters adapt to this?
Haris Pylarinos: Now more than ever, cybersecurity professionals must be equipped with practical skills and knowledge of real-life cyber-attacks. Cybercriminals are rapidly developing new ways of hacking into businesses daily. Meanwhile, the global talent shortage in cyber stands at 3.4 million. Because of this, organizations are beginning to rethink the way they hire. Arbitrary degree and qualification hiring criteria need to be phased out, and recruiters need to prioritize individuals with practical-based skills and training experience. A cybersecurity degree or prestigious credentials alone are not enough to equip individuals with the skills they need for a career in modern cybersecurity.
I know many self-taught hackers who don’t have a degree but are fantastic at protecting systems and keeping up to date with the latest cyber-attacks and trends. Recruiters need to be open to giving these candidates a chance. It’s also important to look out for candidates who have participated in Capture the Flag Competitions or Bug Bounty programs, which are practical ways to test the latest cybersecurity skills. Additionally, technical assessment also must be part of the hiring process for any cybersecurity role. That way, regardless of a candidate’s experience on paper, you test whether they have the skills or potential to keep up with the cybercriminals of today.
Q: Why is a gamified approach needed to solve the skills gap?
Pylarinos: In short, upskilling has to be fun. To plug a crippling skills gap, employees and people looking to enter the cyber industry need to be able to take part in a skills development experience that makes learning engaging, exciting, and fun. Instead of businesses running a one-week intensive course or providing quarterly or yearly training, upskilling should always be available and accessible in a fun, gamified format. This allows professionals to build muscle memory, continuously increase skillsets, l and keep up with the rapid rate of change in an industry like cyber.
Q: Why is upskilling businesses’ internal teams the way to turn the tide?
Pylarinos: The cybersecurity skills gap presents a lucrative opportunity for IT professionals or engineers who have an appetite to upskill and evolve into cybersecurity roles, as they already have a solid foundation for a career in the sector. Upskilling these individuals allows companies to offer new, exciting job opportunities to their current employees internally. For example, you could take an IT engineer and fast-track them through cybersecurity training to fill tier-one SOC Analyst roles or Junior Penetration Testing roles.
Q: Why are businesses “shooting themselves in the foot” by obsessing over hiring more security people? What should they be focused on instead?
Pylarinos: It’s less about hiring security people and more about hiring based on specific cybersecurity or IT skills. If, for example, your business lacks skills or knowledge in areas within Cloud security, Active Directory, Digital Forensics, and Incident Response, focus on plugging those gaps with the right individuals. Looking out for IT professionals or self-taught hackers with soft skills such as problem-solving, creativity, communication, and a wider hacker mindset, will also allow businesses to hire new talent from a wider pool. There are thousands of talented cyber-enthusiasts waiting in the wings to fill the skills gap, businesses just need to give them a chance.
HR Daily Advisor is BLR’s FREE daily source of HR tips, news, and advice. HR Daily Advisor offers free webcasts, articles, and reports on topics important to HR and compensation professionals.