As the global talent shortage continues, chief information security officers have grown concerned about the continuing deficit of cybersecurity talent. To attract and retain talent amidst today’s talent shortage, cybersecurity leaders are shifting their focus to more formal human-centric talent management tactics.

Gartner has identified a cybersecurity talent management framework that CISOs and information technology leaders can use to identify and prioritize digital skills and talent needs. By doing so, CISOs can devise strategies and programs that equip the cybersecurity workforce with the skills and competencies to execute digital business strategy successfully.

The cybersecurity talent management framework consists of the following four phases:

Recruiting the right talent

To recruit the right talent, CISOs should create cyber talent profiles based on the functional needs of the organization. Talent profiles are useful when it comes to capturing and communicating the ideal value and vision the role will bring to the organization. It is important to keep in mind, however, that job descriptions that are overly specific and include a long list of required skills and work experience may limit the number of candidates and discourage individuals from applying.

While cybersecurity leaders have often included professionals with an information technology background in their recruiting, security leaders should also recognize that those outside IT also offer competent and gifted talent. For example, this can include candidates who have pursued an education in cybersecurity, started their career in another field before transitioning to cybersecurity, or embarked on a self-learning journey of cybersecurity concepts. There is an abundance of job seekers passionate about cybersecurity, but not all have the traditional technical background. Security leaders should embrace their organization’s brand persona and reframe it to target the right security talent.

Renewing the cybersecurity workforce

The cybersecurity function is evolving rapidly, and the workforce must keep pace. There are several actions CISOs must take to ensure the continuous renewal of workforce capabilities align with and support the digital business needs of today and tomorrow.

It is important for cybersecurity leaders to actively develop not only their critical skills, but the skills of their teams as well to increase their leadership effectiveness. Cybersecurity leaders should allocate time and budget to assess the current effectiveness of the cybersecurity function through holistic skills and competencies gap analyses. Emphasize the competencies that successful security teams need, like digital acumen, business acumen and adaptability.

One of the top drivers for cyber talent attrition is the lack of development and career opportunities. Organizations must provide structure and guidance that will assist employees in planning their career growth. Leading organizations have made efforts to improve the versatility of their cybersecurity workforce through a systematic talent development strategy that enables continuous learning and career growth.

Retaining employees for the long term

The key to retention is a positive employee experience and engagement. It is important for cybersecurity leaders first to establish a clear understanding of factors that affect employee experience and drive employee engagement. Then, they should develop a total rewards strategy that is aimed at motivating, rewarding and retaining employees for the long term.

As cybersecurity leaders struggle to attract and retain talent, they should create an employee value proposition, or EVP, to address the high turnover and changes in employee preference. An EVP is the set of attributes that the labor market and current employees perceive as the value they gain through employment with the organization. A compelling EVP will allow cybersecurity leaders to attract and retain talent in an environment with longer hiring processes, a shrinking workforce, employee burnout and higher wages.

Cybersecurity leaders need to ensure their employees feel seen and that their contributions are valued by the organization. Provide an environment that will be appealing to prospective employees so that they will want to work for the organization.

Releasing employees while staying in touch

Employees will inevitably leave organizations, but the organization’s talent strategy must continue for employees that remain.

Cybersecurity leaders must recognize that employees leaving the organization doesn’t necessarily lead to severed ties. There should be processes put in place to maintain the team’s morale and continuity once an employee has left the organization. This will be beneficial for several reasons, including that the employee may be more likely to stay in touch and there will be a greater chance former employees will re-engage with the organization.

As employees leave the organization, their exit interview must be conducted with care. These sorts of interviews can lead to great feedback that should be used to improve employee engagement and retention practices.

Offer rewards and recognitions. An example of this is recognizing the work of past employees that made a great social impact on the organization. A program that celebrates the accomplishments of past employees is an excellent way to show support while also maintaining relations with past employees.

Overall, when combating today’s cybersecurity talent shortage, cybersecurity leaders need to know how to recruit the right talent, develop skills to renew the cybersecurity workforce, retain employees for the long term, and stay in touch with former employees.

Alex Michaels is a principal analyst at Gartner Inc. where he advises IT leaders and supports security leaders on best practices for strategic planning and development. He wrote this article for SiliconANGLE. Gartner analysts will provide additional analysis on cybersecurity leadership at Gartner IT Symposium/Xpo, taking place Oct. 16-19 in Orlando, Florida.

Image: Bing Image Creator