Cybersecurity is ‘inclusive’ by nature: no one is exempt from the fallout of the expanding cyber threat landscape. The notion, therefore, that some groups of individuals are offered fewer opportunities to join the cyber industry than others is frankly absurd.
ISC2’s latest Cybersecurity Workforce Study gives us a snapshot into the supply and demand of cybersecurity talent – and it’s not good news. While the cyber workforce has grown by 8.7%, the skills gap has increased by 12.6%, which equates to roughly 4 million empty roles.
From a DE&I perspective, we have seen gradual improvements; ISC2 reveals that gender and ethnic breakdowns of the new workforce have undergone a considerable shift.
But there’s a lot more that needs to be done. There’s a major paradox at play here: the industry needs more people, yet entire groups of individuals are currently being overlooked.
And it all comes down to the hiring process.
The limitations of CV-led hiring practices
CVs have been the key that unlocks new job opportunities for decades. But when you really think about it, it’s such a restrictive approach.
How can someone possibly capture their skills, their work ethic, their true value in one or two A4 pages? The reality is, they can’t, meaning employers are making critical hiring decisions based on a snapshot of the candidates’ capabilities.
The main piece of information that is impossible to grasp from a CV is the candidate’s potential to succeed in the specific role being recruited for. Past experience can only tell an employer so much, and this is ultimately where talented individuals from non-traditional employment backgrounds fly below the radar.
Our own research shows that 62% of organisations still rely solely on reference checks, CVs and cover letters to screen candidates. With cybersecurity skills in high demand, it’s time we encourage the pursuit of non-traditional candidates to drastically expand talent pipelines and plug the global skills gap.
ISC2 research also revealed that employers value experience over education. Much of the industry will see this as a good thing, but what they haven’t yet realised is that this is still the crux of the skills crisis.
Not all good candidates will have a cybersecurity background. For example, people looking to make a career change are unlikely to demonstrate the ‘expected’ experience, but may still have valuable skills to contribute to the sector.
If job advertisements continue to outline rigid ‘must have’ role requirements like educational credentials, past job titles and years of experience, then huge numbers of talented individuals will be excluded.
It’s time to recognise that experience isn’t everything.
The road to inclusive recruitment
The tech sector’s growing shift towards skills-based hiring prioritises a candidate’s demonstrable ability, considering the skills they’ve already learned, but also the skills they have the potential to acquire.
Implementing a skills-first strategy requires a shift in HR practices and a broader change management programme, but in doing so it allows the previously underserved to unlock new opportunities.
Instead of relying solely on CVs and credentials, skills-first hiring uses data-driven assessments, aptitude tests, and psychometric evaluations to identify a candidate’s relevant skills and suitability for a variety of roles. By focusing on capabilities and potential, a skills-first approach is able to reduce unconscious bias in the hiring process, opening up opportunities to a more diverse pool of candidates, and enabling organisations to find the best fit for each position, then train the technical skills.
Importantly, this approach can open up a whole new world of possibilities for the cybersecurity sector. Traditional recruitment approaches typically disadvantage underrepresented groups including neurodivergent individuals and women. As a result, viable talent is being overlooked.
For example, our research reveals that autistic individuals typically score 10% higher in their digital skills aptitude than those with neurotypical traits, and score higher than the general population in verbal reasoning. Also, almost a third (32%) of neurodivergent individuals score higher in spatial awareness and 10% higher in digit symbol coding.
Cyber is an industry with pressing needs to modernise recruitment practices. Hiring needs to consider more than just experience – it needs to assess potential.
