Cybersecurity has a bad reputation, and now is the time to rebrand it, showcasing it for what it really is: an industry full of opportunities, challenges and rewards. Once you get in, you never want to get out. So why is it so hard for cybersecurity to attract talent these days?
Cybersecurity’s Bad Rap
What is the first image that comes to mind when you think of cybersecurity? A hooded dark figure maybe, staring ominously out from behind a computer screen, hacking away. That image is universal and has been embraced by Hollywood in various movies and TV shows centering on cybersecurity heroes. My favorite one is The Girl with the Dragon Tattoo. Unfortunately, these heroes, hackers or white hats just like Lisbeth Salander, are always on the outliers of their community, at the edge of society, working hidden, in a basement or clean apartment at best, but always lonely and misunderstood. The other picture of cybersecurity, a more realistic one, is the image of an overworked information technology (IT) security professional, last to leave work, always stressed about some lurking vulnerability, always complaining about the myriad of potential threats and the never-ending lack of resources, misunderstood as well by the rest of IT and the C-suite.
Is This Reality?
When I considered a new position in 2015, my one and most certain condition was to stay in cybersecurity. When talking with other professionals in cybersecurity, whether marketers like me or technical leaders and chief information security officers (CISOs), none would trade their role for any other job in any other industry. You sense in them a mix of pride and integrity that comes with the role of protector of the organization. And even if that role is not well understood or recognized, the satisfaction it gives to cybersecurity professionals is unequivocal. Cybersecurity is much more than an industry of miscasts, but it seems only insiders know about it.
Could this perception of cybersecurity be at the core of the lack of talent joining the ranks of security professionals? Could it be that young college students do not identify themselves to either one of the two images above and rule out a career in that field? Maybe. Probably. Which is why cybersecurity needs help from marketers at the most macro level. It needs a rebranding.
Tapping Into Talent
At our annual Women in Identity dinner last month, Yvette Connor, chief risk officer (CRO) of Focal Point, a SailPoint partner, was giving advice to an audience full of women on how to attract talent in our industry: “Rather than considering if your technical skills are enough, consider if you are a problem solver,” she said. “Technical skills can be acquired, problem-solving is the true skill that any hiring manager should be looking for.” According to ESG Research (registration required), more than half of organizations the firm recently surveyed admit that they have a problematic shortage of cybersecurity skills, up from 23% just four years ago. A skill shortage of that significance bears the question: Is the hiring strategy right? For one thing, it is clearly not diverse enough.
Bringing Diversity To Cybersecurity
I read an article the week after moderating the panel in which Yvette Connor spoke. In the article from Dark Reading, Lital Asher-Dotan explains that technical skills are not mandatory. Instead, problem-solving and interpersonal skills are assessed in a hiring process geared to identify future women leaders. It was the second time I was hearing the importance of problem-solving over technical skills in the matter of one week.
So yes, we are on to something, which is to change how we hire in cybersecurity to attract a more diverse workforce, diverse in gender but also in skill sets. Driving towards a diverse workforce full of power players will only benefit the cybersecurity industry because with a more diverse workforce comes more diverse thinking, resulting in new approaches to solving problems, and new solutions to today’s ever-growing list of cybersecurity challenges that companies face today. But to enable that new hiring strategy to work, one thing must be done: fixing the cybersecurity reputation, rebranding it as an industry with a wealth of opportunities available to those willing to take the leap. In this industry, while the fight to stay ahead of cyber threats is constant, there is no timeout and the stakes are incredibly high. The payoff is the ability to make a difference by crafting a company security strategy that not only protects the company but that becomes part of the solution to the broader global issue that enterprises all over the world face today.
Branding is integral to how a company, or in this case, an industry, appeals to top talent. A rebranding exercise will help drive more talent to cybersecurity, helping to fill some sizeable skills gap holes.
A Shift In Focus
A shift in focus needs to happen in cybersecurity. From a position of weakness to a position of strength, from a negative brand image to a positive one, from male-dominated to diverse. This will not solve all of our challenges, but what it will do is breathe new life into cybersecurity, opening up new career avenues and diversifying our workforce. These are all steps in the right direction that can be made possible with a cybersecurity rebrand. And that is a task I would love to tackle!
