By Jim Johnson, Senior Vice President, Technology, Robert Half The FBI’s Internet Crime Complaint Center (IC3) reports that total cybercrime losses in the U.S. exceeded $12.5 billion in 2023 — a 22% increase from 2022 and a new record high. And according to research from IBM, the average cost of a data breach is $4.45 million. Given these staggering stats, it is no surprise that the top priority for U.S. technology leaders in 2024 is the security of IT systems and information. That’s just one insight from Robert Half’s new e-book, Building Future-Forward Tech Teams, which features data from our survey of nearly 700 tech leaders in the U.S. Our workplace research also found that 55% of technology leaders at organizations of all sizes expect staffing constraints to put their priority projects at risk this year. The skills gap in IT isn’t new, nor is the persistent shortage of cybersecurity talent available for hire. The latter staffing challenge means that many companies are struggling to: Fortify their defenses against today’s increasingly sophisticated and persistent cyber threats. Pursue digital transformation with an aim to infuse security into every new initiative and modernization effort. Meet complex and stringent compliance demands related to data privacy and security.  Prepare for the future of work by embracing new technologies, such as generative artificial intelligence (AI) and other forms of AI. The cybersecurity skills gap doesn't just leave organizations vulnerable to external threats. It also contributes to a growing internal problem: technical debt. A shortage of skilled professionals often leads to rushed implementations, outdated systems and unpatched vulnerabilities, all of which can accumulate as technical debt. This debt, in turn, becomes a significant security risk, making it harder to defend against cyberattacks and implement new security measures. These objectives and pressures are driving demand for security architects, network security engineers, security analysts and other specialists with cybersecurity skills. Many companies are also moving fast to adopt and innovate with AI — including bringing AI capabilities into their cybersecurity operations. AI, machine learning (ML) and automation initiatives rank as the second top priority for tech leaders this year, according to Robert Half’s survey of tech leaders. So, what can organizations do to ease their current cybersecurity skills gap and build a team that is prepared to work with AI and other emerging technologies? Below are a few strategies that can help.
While it’s true that some cybersecurity credentials, such as the Certified Information Systems Security Professional (CISSP), are genuine markers of an applicant’s cybersecurity expertise, savvy employers recognize that it’s just as important to hire for experience and soft skills.  You can train new employees on the job for many cybersecurity skills and tools. Drive, determination, time management, adaptability and a genuine passion for the industry? Not so much. Considering that, it might be a mistake to pack your job descriptions with an extensive list of necessary skills and experience and potentially deter otherwise strong candidates. Start with a handful of truly essential qualifications and place the rest under a nice-to-have header.  Also, emphasize that entry-level roles are open to entry-level candidates. This should be obvious, but not all job posts make that clear. And underscore that interest in the field and a learning mindset are important. Additionally, consider job seekers who’ve taken a less conventional path to earn their skills, such as through technical training programs and apprenticeships. When hiring cybersecurity professionals, consider candidates who demonstrate strong problem-solving skills and adaptability. These individuals can be invaluable in defending against cyber threats and tackling tech debt. They can quickly learn new technologies and help refactor outdated systems, improving the organization's overall security posture. Remember, technical skills can be taught, but a passion for learning and the ability to tackle complex problems are essential for managing security initiatives and tech debt effectively.
Starting salaries for cybersecurity professionals remain strong as vacancies continue to outpace the number of available candidates. To help combat the cybersecurity talent shortage, 55% of technology hiring managers surveyed for Robert Half’s 2024 Salary Guide said they’re willing to offer a higher salary to contend for top security talent. So, you need to make sure that your offers are competitive.  It also pays to think beyond starting salary. When Robert Half recently surveyed technology workers in the U.S., we learned that nearly half (45%) are either looking or plan to look for a new job in the next six months. For 55% of those professionals, the quest for a higher salary was a motivator for their job search. However, another 41% of respondents cited the desire for better benefits and perks, while 30% said they were seeking remote work options. 
Only about one-quarter of cybersecurity professionals today are women, according to ISC2, the world’s leading member association for cybersecurity professionals. However, things are improving. To build the workforce they need to succeed today and for the future, many leading employers are making a concerted effort to provide more career paths for women in tech. This is one trend in the cybersecurity profession that can go a long way toward closing the skills gap, so make sure your business is part of it. In addition, when hiring cybersecurity talent, don’t overlook people from underrepresented groups. These individuals may have lacked access to relevant educational resources through no fault of their own. But with the right training, development and hands-on work experiences, they could quickly become vital members of your future-forward tech team. Finally, don’t forget about the option to bring in skilled contract professionals to help support your cybersecurity initiatives. Seventy-two percent of technology hiring managers we surveyed for our Demand for Skilled Talent report said they plan to hire more contract professionals this year, including for other projects security teams often play a vital role in — AI and ML, software and applications development, and technology automation. As explained in our e-book, a scalable talent model, which involves supplementing your permanent staff with contract professionals and consultants, helps keep work moving forward — and often leads to full-time hires. This approach can include tapping third-party resources for support and expertise as well.
Recruiting top talent for your security team is one challenge. Retaining that talent is another, especially in today’s competitive hiring landscape. And one of the most effective strategies for retention is to invest in employees’ professional development and advancement. Meaningful opportunities for learning and skill-building can keep top performers challenged and satisfied in their work. Prioritizing internal promotions also gives valued employees more reason to stay with your organization. Investing in programs for upskilling is also critical for increasing employee engagement — as well as keeping your security operations agile and future-forward.  Your business could: Participate in training programs offered by third parties or technology companies. Companies like AWS, Oracle and Microsoft are among the many reputable resources that offer security training and certification programs. Microsoft also offers generative AI training for businesses.* Subsidize costs for IT certifications and training. Helping to cover the costs for employees to gain in-demand credentials and skills is a win-win. Your workers will feel valued and invested in while your business deepens its cybersecurity skills bench. Identify common upskilling needs. Assess the skill sets of entry-level and other high-potential cybersecurity and IT talent in your organization and build internal programs that can help everyone to level up their abilities. AI and ML will likely be an area you will consider prioritizing, given industry trends. The tech leaders surveyed for our e-book cited AI and ML as the top area where skills gaps are most evident in their organization. As you seek to align development opportunities for your cybersecurity team, be sure to ask staff members about their career goals. This information can help you create learning initiatives that will add value to your operations and help fuel employee motivation and morale, and can proactively address and reduce potential impacts from technical debt. The cybersecurity skills gap, like the IT skills gap itself, will take time to close. But it’s important for businesses to meet this challenge head-on, especially as AI is poised to change the profession soon and drive demand for a host of new jobs and skills. Your cybersecurity teams need to be ready to work effectively with AI and manage new threats that will emerge. After all, bad actors can use AI for innovation, too — and many already are. To dig deeper into practical strategies that can help you prepare your employees for the future of work and create a continuous cycle of learning that fuels innovation, download Building Future-Forward Tech Teams from Robert Half. Jim Johnson is senior vice president, technology, at Robert Half. In this role, Jim drives operational effectiveness for our company’s North American technology talent solutions teams through training and development programs. Follow Jim Johnson on LinkedIn. *Robert Half and Protiviti, a global consulting firm and Robert Half subsidiary, are members of the Microsoft AI Cloud Partner Program