Addressing the Cyber Security Talent and Leadership Gap
Cyber security expertise and know-how are critical not only to a company’s competitive advantage, but also to ensuring a safe and secure society. But as new technologies are developed and new threats emerge, Canada and the rest of the world face a chronic cyber security talent shortage. That talent gap is not only risky, it’s also expensive.
In Canada alone, cybercrime comes with a $3 billion annual price tag, according to the National Cyber Security Action Plan 2019-2024 Report by Public Safety Canada.
The 11,000 professionals currently working in the Canadian cyber security industry are not enough to meet the demand, which is expected to grow by 66% by 2021. This means an additional 8,000 cybersecurity roles will need to be filled by the end of 2021.
How do we as practitioners in the Human Capital Management industry address this chronic cyber-talent shortage?
Three Key Human Capital Gaps
To better understand the future shape of this emerging work force, Phelps has identified three key human capital gaps, within the cyber security sector:
1. Skills Gap. The cyber security industry needs very well-rounded individuals who can contribute effectively in teamwork situations, balancing the right mix of technical, analytical and soft skills.
2. Experience Gap. Future employees will need to hit the ground running. Closer ties to post-secondary programs, partnerships and competitions will be needed to bridge this experience gap.
3. Leadership Gap. We must ensure our most brilliant engineers, coders, and scientists have developed the leadership skills required to take on these key roles beyond their technical expertise.
Although great efforts and strides are being made by education and business to close all three gaps, more work and investment will be needed for the long haul.
New Kind of Leadership Resiliency Needed
Today’s landscape of escalating cybercrime demands a new kind of leadership resiliency. Cyber leaders must be equipped to not only protect organizational data but also take on advanced leadership capabilities of making critical decisions, mitigating risk and advancing policies to respond to future disruption scenarios.
Ironically, while the cyber security industry is fueled by technology, I believe our focus needs to be human-centric. We need to anticipate how we will support future workers, create cutting-edge training and development, and find organizational flexibility. This will require a cyber security recruiting strategy centered on higher level competencies and broader leadership and management capabilities.
Today’s cyber security professionals tend to be predominantly male and come from an information technology background. This narrow profile suggests there may be significant untapped potential to address the cyber-talent shortage through greater diversity and inclusion. According to our survey results, the average Canadian cyber security team is only 29% female.
In some respects, this is a positive finding since it is much higher than the global average of 11 percent. However, there is still significant room for improvement – especially at the executive level.
We will need to be creative and purposeful to attract the right candidates. Deloitte has identified seven cyber security personas that will be required for this brave new work – strategist, advisor, defender, firefighter, hacker, scientist, and sleuth. We see this as a helpful starting point in creating a new recruiting framework to close the ever-growing cyber-talent and leadership gap.
Real and meaningful change in the cyber industry requires a new human resource discipline – one that advances connectedness, inclusivity and organizational flexibility.
It will require bold collaboration on the part of government, educational institutions and businesses. But with all stakeholder working together, Canada has the potential to emerge as a world leader in cyber security.