#GartnerSEC: Rewrite Recruitment Strategies to Fit New Roles and Career Paths

Speaking during the Gartner Security and Risk Virtual Summit, research director David Gregory said the COVID-19 pandemic could be “considerable, in terms of the number of people who might be available” to fill security job roles. Despite this, he said it is unlikely this will lead to the right skills being available.

Globally, Gregory said that it was predicted that the skills gap would remain, and he suspected the impact of COVID-19 would not affect that.

He said a “fundamental issue is business are often guilty of looking in the wrong place for the wrong people with the wrong skills,” and it is the view of Gartner that there are underlying problems holding organizations back in this area. This includes businesses trying to find the “right candidate, even though this is never guaranteed.”

He also said a demand for “instant results” has led to a demand for instant talent rather than forming a long-term strategy, and organizations “develop their resilience strategy in silos, so working in this way we’re not able to see the bigger picture.”

Citing Gartner statistics which showed 61% of survey respondents said they are struggling to find and hire security professionals, Gregory said this requires an organizational response, as if a business operates in silos, “they will never understand full business concerns.” He also said that whilst IT and technical knowledge is important, business should be able to “engage with people at all levels of the organization, coupled with business acumen, which will be every bit as valuable in the future.”

He said the following skills are in demand, and can be developed and trained, and may also be suitable for outsourcing:

  • Information security/cybersecurity analyst
  • Security engineer/architect
  • Vulnerability analyst/penetration tester
  • Cyber-threat analyst
  • Risk assurance analyst
  • Information security/cybersecurity manager

“Now, more than ever, there is a need to ensure we have the right skills and competencies within our organizations,” he said. “The impact of COVID-19 will provide significant business challenges and lead almost certainly to organizations having to do more with less. There will be a need to focus on ensuring that the right skills are available to drive your organization through and beyond these difficult times.”

Gregory also said the COVID-19 pandemic will allow organizations to remove a “need to be in the office” mentality to hiring, “and the recruitment net can be cast over a wider geographic area for roles that can now be fulfilled remotely.”

For a strategic workforce planning process, Gregory recommended these steps:

  1. Understand business strategy, define value drivers/capabilities
  2. Segment roles by impact on capability delivery
  3. Scan the environment to identify key factors driving future-state scenarios
  4. Construct scenarios for the future state of the workforce
  5. Assess the current state of the workforce, define gaps against the future states
  6. Develop action plans to close gaps, monitor process and adjust for change

“There will be a need to bridge the skills gap inside the organization,” he said. “Taking a market-driven predictive approach connects those employees and learners to those in-demand skills. So to stay ahead of the curve, there is a need to consider reviewing the skills and recruitment strategy within your organization.”

A way to do this is to create job ladders so employees can see a career path, rather than just a job, which can better ensure employees remain with a company and make an organization “a destination of choice.”

What’s Hot on Infosecurity Magazine?