Bad news for IT: There’s a shortage of security pros

No matter how many qualified techs there are out there, finding good IT employees has never exactly been an easy task. And it’s only going to get harder to find security-minded professionals, according to a recent report. 

According to the RAND Corporation, techs with security skills are in the pipeline – schools, training and security awareness are leading to more qualified candidates coming soon. But likely not soon enough for many organizations.

In the meantime, companies are facing a shortage of security personnel who command very high salaries as a result, RAND said in its report Hackers Wanted: An Examination of the Cybersecurity Labor Market.

Filling from within

Since the market is tough for cybersecurity pros, many companies are filling the demand for security by hiring internally, according to the report.

Security pros don’t just come from the IT department, either. RAND observes that many organizations will select candidates based on their interest and willingness to learn rather than credentials they had coming into the job.

With adequate training, these interested parties have a real shot at becoming valuable security assets, growing talent instead of purchasing it.

Building a better cybersecurity pro

So what does it take to become a crack security expert? Here are some things to look for:

  • Problem-solving ability. Employees who are natural problem solvers make some of the best candidates. If they can think through processes from beginning to end, especially with a mind for weaknesses, they can help thwart attacks before they occur.
  • Flexibility. Since most employees don’t come to organizations with a background in security, they’ll be facing a pretty steep learning curve. Work with candidates who you know would be responsive to training and direction since they’ll likely be starting somewhere around square one.
  • Engagement. For a security professional to be truly successful, they’ll need to care about the overall health and well-being of the company. In many cases, this will mean pulling from candidates who have been with your organization for a long time. Someone working their first job out of school might not have the same devotion to protecting the organization as a worker who has built loyalty to his or her employer.