Navigating the Cybersecurity Skills Gap

Workplace Skills

The Future of Work

Thought Leadership

Workplace Research

Technology

Management tips

Management and Leadership

Article

By Jim Johnson, Senior Vice President, Technology, Robert Half

The FBI’s Internet Crime Complaint Center (IC3) reports that total cybercrime losses in the U.S. exceeded $12.5 billion in 2023 — a 22% increase from 2022 and a new record high. And according to research from IBM, the global average cost of a data breach in 2024 is $4.88 million, which is a 10% increase over last year and the highest total ever.

Given these staggering stats, it is no surprise that a top priority for U.S. technology leaders this year is the security of IT systems and information. That’s just one finding from research conducted for Robert Half’s e-book, Building Future-Forward Tech Teams.

We also learned through our workplace research that technology leaders at organizations of all sizes are concerned about tech and IT staffing constraints putting their priority projects at risk.

The skills gap in IT isn’t new, nor is the persistent shortage of cybersecurity talent available for hire. The latter staffing challenge means that many companies are struggling to:

Fortify their defenses against today’s increasingly sophisticated and persistent cyber threats.

Pursue digital transformation with an aim to infuse security into every new initiative and modernization effort.

Meet complex and stringent compliance demands related to data privacy and security.

Prepare for the future of work by embracing new technologies, such as generative AI, and other forms of AI.

The cybersecurity skills gap does not just leave organizations vulnerable to external threats. It also contributes to a growing internal problem: technical debt.

A shortage of skilled professionals often leads to rushed implementations, outdated systems and unpatched vulnerabilities, all of which can accumulate as tech debt. This debt, in turn, becomes a significant security risk, making it harder to defend against cyberattacks and implement new security measures.

These objectives and pressures are driving demand for security architects, network security engineers, security analysts and other specialists with cybersecurity skills.

Many companies are also moving fast to adopt and innovate with AI — including bringing AI capabilities into their cybersecurity operations. AI, machine learning (ML) and automation initiatives rank as the second top priority for tech leaders this year, according to a Robert Half survey of technology leaders.

So, what can companies do to ease their current cybersecurity skills gap and build a team prepared to work with AI and other emerging technologies? Below are a few strategies that can help.

While it’s true that some cybersecurity credentials, such as the Certified Information Systems Security Professional (CISSP) designation, are genuine markers of an applicant’s cybersecurity expertise, savvy employers recognize that it’s just as important to hire for experience and soft skills.

You can train new employees on the job for many cybersecurity skills and tools. Drive, determination, time management, adaptability and a genuine passion for the industry? Not so much.

Considering that, it might be a mistake to pack your job descriptions with an extensive list of necessary skills and experience and potentially deter otherwise strong candidates. Start with a handful of truly essential qualifications and place the rest under a nice-to-have header.

Also, emphasize that entry-level roles are open to entry-level candidates. This should be obvious, but not all job posts make that clear. And underscore that interest in the field and a learning mindset are important. Additionally, consider job seekers who’ve taken a less conventional path to earn their skills, such as through technical training programs and apprenticeships.

When hiring cybersecurity professionals, consider candidates who demonstrate strong problem-solving skills and adaptability. These individuals can be invaluable in defending against cyber threats and tackling technical debt. They can quickly learn new technologies and help refactor outdated systems, improving the overall security posture of the organization. Remember, technical skills can be taught, but a passion for learning and the ability to tackle complex problems are essential for managing security initiatives and technical debt effectively.

Only about one-quarter of cybersecurity professionals today are women, according to ISC2, the world’s leading member association for cybersecurity professionals. However, things are improving.

To build the workforce they need to succeed today and for the future, many leading employers are making a concerted effort to provide more career paths for women in tech. This is one trend in the cybersecurity profession that can go a long way toward closing the skills gap, so make sure your business is part of it.

In addition, when hiring cybersecurity talent, don’t overlook people from underrepresented groups. These individuals may have lacked access to relevant educational resources through no fault of their own. But with the right training, development and hands-on work experiences, they could quickly become vital members of your future-forward tech team.

Finally, don’t forget about the option to bring in skilled contract professionals to help support your cybersecurity initiatives. Sixty percent of technology hiring managers we surveyed for our Demand for Skilled Talent report said they plan to hire more contract professionals in the second half of 2024, including for security, privacy and compliance initiatives and other efforts security teams often play a vital role in — like AI and ML projects.

As explained in our e-book, Building Future-Forward Tech Teams, a scalable talent model, which involves supplementing your permanent staff with contract professionals and consultants, helps keep work moving forward — and often leads to full-time hires. This approach can include tapping third-party resources for support and expertise as well.

Recruiting top talent for your security team is one challenge. Retaining that talent is another, especially in today’s competitive hiring landscape. And one of the most effective strategies for retention is to invest in employees’ professional development and advancement.

Meaningful opportunities for learning and skill-building can keep top performers challenged and satisfied in their work. Prioritizing internal promotions gives valued employees more reason to stay with your organization. Investing in programs for upskilling is also critical for increasing employee engagement — as well as keeping your security operations agile and future-forward.

Your business could:

Participate in training programs offered by third parties or technology companies. Companies like AWS, Oracle and Microsoft are among the many reputable resources that offer security training and certification programs. Microsoft also offers generative AI training for businesses.*

Subsidize costs for IT certifications and training. Helping to cover the costs for employees to gain in-demand credentials and skills is a win-win. Your workers will feel valued and invested in while your business deepens its cybersecurity skills bench.

Identify common upskilling needs. Assess the skill sets of entry-level and other high-potential cybersecurity and IT talent in your organization and build internal programs that can help everyone level up their abilities. AI and ML will likely be an area you will consider prioritizing, given industry trends. The tech leaders surveyed for our e-book cited AI and ML as the top area where skills gaps are most evident in their department.

As you seek to align development opportunities for your cybersecurity team, be sure to ask staff members about their career goals. This information can help you create learning initiatives that will add value to your operations, help fuel employee motivation and morale, and can proactively address and reduce the potential impacts of tech debt.

The cybersecurity skills gap, like the IT skills gap itself, will take time to close. But it’s important for businesses and their technology leaders to meet this challenge head-on, especially as AI changes the nature of work in the profession, driving demand for a host of new jobs and skills.

Your cybersecurity teams need to be ready to work effectively with AI and manage evolving and emerging threats. After all, bad actors can use AI for innovation, too — and many already are.

Here is a final tip for navigating the cybersecurity skills gap effectively: Be prepared to step up compensation to attract and hire top candidates.

Research for the Salary Guide From Robert Half shows that many employers are willing to increase salaries for technology talent with in-demand cybersecurity skills.

For more insight into salary and hiring trends in tech and IT, and to view starting salaries for many security positions in demand, check out our latest Salary Guide.

Jim Johnson is senior vice president, technology, at Robert Half. In this role, Jim drives operational effectiveness for our company’s North American technology talent solutions teams through training and development programs. Follow Jim Johnson on LinkedIn.

*Robert Half and Protiviti, a global consulting firm and Robert Half subsidiary, are members of the Microsoft AI Cloud Partner Program.

Mastering Salary Negotiations: A Guide for Managers

How to Hire Seasonal Employees to Support Your Workplace

The Best Healthcare Jobs for 2025: What You Need to Know