In 2018, over 500 KFC locations in the UK were forced to temporarily close, due to a shortage of the most popular item on their menu: chicken. The fast food chain had just switched to DHL as their new logistics company, and a myriad of issues, from road closures to DHL’s inexperience with refrigerated goods, resulted in delivery delays and many unhappy would-be customers. KFC had to rehire their old logistics company to deliver to some of their restaurants. A much less temporary shortage is the lack of cybersecurity talent.Between 2013 and 2021, the number of unfilled cybersecurity jobs grew from 1MM to 3.5MM, according to a report from Cybersecurity Ventures. Unfortunately, the data doesn’t forecast a sudden influx of cybersecurity professionals anytime soon. In fact, it’s estimated that by 2025, 3.5MM cybersecurity positions will sit open.The shortage can be felt in nearly every industry, including the financial realm. Community financial institutions (CFIs) without adequate cybersecurity personnel on their company roster are vulnerable to increased incidences of ransomware, data breaches, and cybercrimes.CFIs are a hacker’s dream. Financial institutions store highly valuable data, making them a prime target for cyberattacks. The financial industry is disproportionately targeted by cybercriminals, with nearly 1K reported data breaches since 2018. CFIs are just as much a target for phishing attacks as any other.With the cost of a data breach in the financial industry averaging $6MM, simply accepting a lack of cybersecurity isn’t an option. And without proper precautions, hiring candidates without experience or a background in cybersecurity can leave a CFI and its customers vulnerable.Some institutions have tried outsourcing cybersecurity. While this offers instantaneous protection, in-house security offers priority attention and better control. With traditional pipelines running dry, CFIs should take note of creative approaches to talent sourcing.Diving into unconventional talent pools. Recruiters tend to rely solely on academic credentials to qualify candidates, resulting in a shallow talent pool. But with a growing demand for cybersecurity professionals, it’s time to reconsider primitive prerequisites and reassess what truly makes a good candidate.Technology companies have already begun developing new approaches to talent sourcing. Announcing a campaign to cut the cybersecurity shortage in half by 2025, Microsoft started to partner with community colleges in October of 2021. The effort includes providing free cybersecurity curriculum to colleges across the country, free training for faculty at 150 community colleges, and scholarships to 25K students.In May of 2022, IBM began providing no-cost STEM job training to university students from underrepresented communities, those with atypical brain processing such as ADHD, and US military veterans.Big names in the financial arena are also taking note of this methodology. In September of 2022, Bank of America launched a tandem project with the Liberty Science Center in New Jersey focused on nurturing new talent at the high school level. Bank of America plans to offer positions to students who complete the program and meet certain employment criteria.Prioritizing skills over specific credentials. Companies are responding to the cybersecurity shortage by bringing training directly to potential talent, rather than waiting for them to hit certain benchmarks or hold a certain degree or certificate before considering them viable for cybersecurity jobs.In fact, more companies are beginning to recognize the value of skilled, but uncredentialed workers. Tech giants like Apple and Google no longer require employees to hold a degree. PwC offers a program allowing high school graduates to begin careers in accounting without having spent a day in a college lecture hall.By dipping into talent pools limited in formal training yet overflowing with passion, interest, drive, and related skills, CFIs can discover talent that may otherwise never have made it to the interview table.A modern approach to sourcing talent. Most CFIs aren’t able to partner with universities or high schools across the country from them. But there are ways to overcome the cybersecurity talent shortage on a smaller, more local scale. CFIs can:
- Rethink minimum qualifications. Finding certified talent is great, but hard to come by. Genuine interest and talent within candidate who lacks more formal cybersecurity training can be molded into deep skill sets that surpass higher education over time.
- Revamp your training process. If your training policies are written solely with an experienced candidate in mind, rework them from the ground up. Keep in mind that customized training offers you the opportunity to coach new hires exclusively for your brand.
- Find talent hidden in other industries. Recruiting tech-interested candidates from other industries outside of the cybersecurity space can provide you with talent that ticks off multiple boxes. Such applicants can then be trained to complete the criteria.
- Explore local and undeveloped talent pools. Hosting Q&A sessions at your local library or taking on summer interns to show local talent that there are cybersecurity career options in their backyard at your institution.
CFIs who wait to fill cybersecurity roles with applicants who may never come are putting their finances, reputations, and customers at serious risk. Exploring local undiscovered talent while rethinking hiring metrics can create a steady flow of qualified cybersecurity professionals who can be nurtured and trained to meet your business’ specific needs.