Build (Don't Buy)

A Skills-Based Strategy to Solve the Cybersecurity Talent Shortage

The problem

The US has less than half of the cybersecurity candidates it needs to keep up with ever intensifying demand. For every 100 active postings, there are a mere 48 qualified candidates. So how can we solve the cybersecurity talent crisis?

The answer: build, don't buy

Companies in need of cybersecurity talent should re-skill existing employees rather than recruit outside their walls for talent that is already extremely hard to get.

This paper offers suggestions regarding the following:

1) Which candidates are ideal for reskilling?

2) Which skills should companies and regional training and workforce partners develop?

As the US addresses the cybersecurity talent shortage, everyone has a role to play:

Employers should invest time and money in helping employees acquire cybersecurity microcredentials.
Colleges, universities, and other training organizations can focus on the key skills needed at the local or regional level and help upskill the many working adults who might be looking for new employment, plus a generation of new grads hungry for good opportunity in a disrupted labor market.
Regions and cities have a vital role in addressing the crisis as they broker between local businesses and higher education to fill the talent gap. Such data will help them address specific regional needs.

Collaboration is key

Together, employers, workforce development organizations, and higher ed institutions can reduce the cost of cybersecurity certifications, and communicate the value of these qualifications to a wide range of students in diverse programs. This collaboration will forge good relations between the development and business communities, but more importantly, it will help residents of those communities find excellent jobs.


Download the full report