How to Hire, Develop & Retain Talent for a World-Class Security Team

The Changing Role of Security Leaders Includes Talent Management 

Your role as a security leader probably isn't what it used to be. 

Chief information security officers (CISOs), vice presidents of information security, cybersecurity directors, and other security leaders are focused on keeping the organization’s data safe and reducing risks. That hasn’t changed, though it has become more complicated with the increasing number and sophistication of threats. 

But the role encompasses more than architecture, technology, and governance. Now, it includes talent management. 

This new area of responsibility may be unexpected to many leaders like yourself, especially if you came up from a technology background. In short, perhaps this isn't what you signed up for.  

Organizations are learning that hiring security personnel can’t always be left to the human resources department. HR doesn’t always know what they don’t know. Many defer to old-school techniques and requirements to hire and qualify people, but that doesn’t always work when it comes to cybersecurity.

When security leaders are involved in hiring, developing, and retaining cyber talent, you are still supporting the goal of reducing risk.

After all, people are the greatest asset in your organization’s security stack.

That said, how do you as a security leader take on talent management duties when you already have so many other priorities calling for your attention?

It’s a good question – especially in light of our current cyber skills shortage.

Implications of a Cyber Skills Shortage

You’re probably feeling the strains of the skills shortage in many areas:

• Understaffed teams. There are over 760,000 cybersecurity job openings, per CyberSeek. According to ISACA, 62% of organizations report their cybersecurity teams are understaffed. 

• Burnout. There is an increasing number of cyberattacks, which puts added pressure on cybersecurity teams to keep organizations secure. Simultaneously, cyber teams are dealing with a lack of ongoing training and high turnover, which means existing employees are forced to take on more work without being prepared. That, in turn, can result in low morale and burnout.

• No career path. Employees don’t feel like they have the opportunity to advance because there is no one to backfill their position. Without a training program in place, cyber professionals don’t have the opportunity to learn new skills that will get them to the next step in their careers. Good people end up leaving to get new job opportunities.

• Retention becomes even more difficult. Companies are so focused on hiring, their current team members are not being rewarded. Employees find that the only way to advance in their careers is to take a higher position at a different company. 

• More security vulnerabilities and cyber risk exposure. According to Fortinet, 67% of organizations agree that the skills shortage creates additional cyber risks for their organizations. They are not able to adequately and quickly respond to and mitigate cyber threats. 

• Increased strain on budgets. Understaffed teams require organizations to contract cybersecurity specialists, which costs more than a salaried employee and can significantly strain a company's budget.  

Grow Your Own

So, going back to the previous question: How can you as a security leader take on talent management duties in the midst of this cyber skills shortage?

The best choice is to grow your own personnel.

It’s hard to find the “purple unicorn” that has the years of experience, certifications, training, and other qualifications that you may be looking for. But there are ways to find people with the right aptitude for the role. For example, we’re seeing more progressive CISOs, VPs and security leaders look for innate abilities like problem-solving, leadership or agility first. Then use tools to accelerate team members’ growth and experience specific to their cybersecurity work roles. That enables you to build the team you desire.

Cyberattacks are modern warfare, and we have to build our own military.

The first step is to understand how people learn.

Stages of Learning

1. Knowledge

Think about a sport you love – like football, hockey, etc. Knowledge is understanding all the rules of that game. Even if someone has never picked up a baseball bat, they can still understand how the game is played by learning the rules and nuances. 

2. Skills

Skills are individual things that you can do, such as hitting the ball with the bat or catching the ball. Skills are honed through practice or drills. 

Most programs and certifications are knowledge- and skills-based only. That’s why students come out of programs and still have trouble finding a job. They don’t have experience.

3. Abilities

Abilities come with experience. In cybersecurity, that’s where simulation and cyber range exercises make a huge difference. Abilities combine knowledge and skills with real-life implementation, so people know what to do, how to do it, when to do it, and – most importantly – why to do it. 

The cyber skills shortage results from candidates having either knowledge or both knowledge and skills but lacking experience (or proven abilities). Cloud Range’s products throughout the Cyber Learner Lifecycle™ solve the skills shortage problem and help organizations “grow their own.”

How Do Security Leaders Grow Your Own Talent?

Engaging in regular live-fire simulation exercises that mirror real-world scenarios is the best way to accelerate your team’s experience and improve performance. 

Cloud Range’s team simulation exercises dramatically improve technical abilities, as well as communication, collaboration, and critical thinking. The ongoing program allows teams to participate in a variety of multiplayer cyber attack scenarios from the Cloud Range library. Teams enjoy the missions and are excited to work together to take on new challenges. And you will be able to watch them improve over time and take on more complex scenarios.

FlexLabs skills development courses and modules help users hone their skills and bridge any gaps found in the team environment. They can help your team members prepare for future roles and certifications, as well.

All of Cloud Range’s hands-on training and immersive, live-fire experiences include detailed metrics and analysis, giving security leaders new and valued insight into their teams.

Our experts also work with security leaders to create customized learning plans for your team members that can be tracked in Cloud Range’s Performance Portal. That empowers your people to chart their career trajectories and advance within your organization, leading to improved retention.

Additionally, Cloud Range’s aptitude and candidate assessments help with hiring and placement, so your people are working in their highest and best use. 

Bottom line: Cloud Range’s suite of tools and services will help you build and optimize your ideal security team – without adding anything to your already-full plate. 

Learn more about how to hire, develop and retain talent for a world-class security team. Watch “The Changing Role of Security Leaders” webinar by clicking the button below.

Click this link to read the Q&A's from The Changing Role of Security Leaders webinar.

Ready to get started? Contact us.