Whenever the opportunity presents itself to team up with a promising cyber security company, we’re always up for it. When such a company’s core values and career growth skills are complementing ours, we know that together we will be even better equipped to meet our education and career development commitments. That’s how our partnership with cyberunity, a leading cybersecurity talent and career coaching agency, came to life.
With cyberunity joining us as a Global Cyber Conference Headline Partner, Samir Aliyev, CEO and Founder of Swiss Cyber Institute, takes the opportunity to discuss with its Founder and Talent Community Manager, Peter Kosel, significant talent recruitment and skills gap challenges facing the cybersecurity industry.
SA: Peter, the war for talents has been raging for years and exceptional individuals are in high demand and in the driver seat. Which strategies should organizations adopt to fulfill their business and growth objectives?
PK: KNOW YOUR TALENTS instead of WAR FOR TALENTS. We hear from many employers that they are urgently looking for employees – this is especially true in the field of cyber security, where the demand for talent is increasing immensely.
However, if we look at what companies are doing to get in touch proactively with their top performers of tomorrow and, above all, to cultivate these relationships sustainably, we see a striking discrepancy when compared to customer relationship management. In the context of CRM, it is well understood that the sales of tomorrow (and the day after) must be initiated today by sales managers.
No one waits until they urgently need the turnover before pursuing income streams. The solution, therefore, lies in building up a “sales force” to look for and after future top performers at least as well as future customers.
Not all companies can or want to invest in this. With cyberunity’s ‘KNOW YOUR TALENTS‘ approach, employers gain an edge in the talent market when it comes to attracting and winning cyber security specialists early on.
SA: cyberunity has an interesting tagline “KNOW YOUR TALENTS”. Can you explain the concept behind it and how this applies to organizations working with you?
PK: KNOW YOUR TALENTS means targeting, approaching, and nurturing your future top performers before you need them. If you know your talents well before you hire them then you have a decisive advantage in the market.
This concept is comparable with CRM. It is crystal clear that clients must be approached far before one generates revenues, which is why companies invest in sales teams. Winning future employees is the least important as winning future clients. Is this mindset already in place and practiced by employers?
SA: What is the number one reason why organizations struggle to recruit cyber security talent?
PK: Ultimately it all comes down to awareness, but there are a few interrelated factors: First of all, demand for such talents is currently outpacing the supply, which makes accessing such talents difficult.
Secondly, companies are often still uncertain about what it is exactly that they need – not knowing what you need makes it difficult to find what you are looking for. Thirdly, contemporary recruiting practices are often lengthy, tedious, and leave quite a bit to be desired in the way of service orientation, with some candidates never even receiving a reaction to their application.
There is very little awareness regarding the impression that such processes make on top talents. As a cybersecurity talent agency we receive a lot of insights from specialists in the market and time and time again we are surprised at the low priority that candidate focus is given in recruiting processes. In a nutshell, there is a lack of awareness and a corresponding unwillingness to invest the necessary resources and budget to maintain vibrant relationships with future top performers.
SA: What additional initiatives should organizations try to fill the rising skills gap?
PK: If the deficit in awareness regarding the importance of cybersecurity in the digital age is addressed, then so will awareness regarding the value of specialists who can help achieve it. Continued education for ALL employees regarding the relevance and importance of security is a key first step.
Re-skilling talents by transferring IT- and non-IT employees into security positions is another good way to make sure that the importance of security is well established throughout a business. Finally, introducing dedicated, sustainable, and above all, proactive relationship management efforts for future employees is perhaps the best way forward – here strategic partnerships with recruiting agencies focused on cybersecurity is a fantastic option.
SA: Do you think that general cyber security awareness training help organizations to be compliant and secure?
PK: General awareness training is a good first step, but they are not enough. True awareness raising is a more multidimensional endeavor though. Firstly, it requires companies to dig deeper and meet the needs of individual employees by offering individually tailored training depending on the maturity of different individuals or teams on a case-by-case basis.
Experience groups in which employees are invited to share their experiences over a coffee can certainly help take this to the next level by allowing them to learn from live examples, to get a good feel for what cybersecurity really means in daily business life, and to get an idea of how they can contribute to it actively. For this to work, it is important that it takes place in a trusting and motivating environment – the stick is outdated, whereas the carrot is without question more effective in this context.
In addition to working on the security culture of a company, the topic of cyber security presents a particularly good opportunity to refine a company’s overall corporate culture. Bringing employees together, talking, and exchanging ideas and experiences:
KNOW YOUR TALENTS is a 360-degree endeavor.
SA: What else can be done to raise awareness in our society?
PK: Public awareness campaigns by a variety of interest groups including but not limited to the state or cantonal authorities, think tanks, and educational organizations will do wonders. We’ve experienced this first hand during our regular ‘Cyber Security Circle’ meetings which we organize with security leaders across the industry.
Additionally, developing the Swiss education system so as to incorporate cybersecurity awareness at an early stage, for example through a fixed subject in school, is also something that will lay the foundations for a cyber-aware generation of future top talents.