"Look at mid-career professionals who may not have a ton of experience in cybersecurity, but maybe do have experience in a related applicable field," said Siobhan Gorman, Director of Brunswick Group.
With more than 200,000 cybersecurity jobs currently open in the United States alone, it's time to start thinking outside the box when it comes to closing the talent gap. Gorman believes that a short-term solution may be found outside of the information security industry. You could say that she's a walking blueprint.
"I spent 17 years in journalism, and for the last decade or so I focused on cybersecurity as a piece of the national security beat, and I spent quite a number of years trying to raise awareness about these issues," said Gorman.
Of course a journalist isn't the first person you'd think of when hiring for a security role, but Gorman spent her days at The Wall Street Journal covering the most complex security issues. She observed the consequences of data breaches daily, and covered the security struggles that companies face.
"I got to a point where I thought, well, I'd spent a lot of time sort of showing people that this is an issue, maybe I should start to spend some time being part of the solution too, and helping companies think through these issues in advance, or lead through a cyber-crisis if, unfortunately, that happens," Gorman said.
While it would be ideal for companies to be able to hire trained cybersecurity professionals, it's simply not feasible. The reality is that the global demand for cybersecurity professionals is expected to reach 6 million positions in the next three years, and we need a fix now. To put that number into perspective, there are currently around 22 million college students in the United States, so even if a fourth of all students studied cybersecurity and found jobs, it still wouldn't close the talent gap. A transition into security may not seem easy, but we are in an industry in which continuous education is required no matter how much experience someone has.
"It could be legal. It could be risk management. It could be a number of other corporate positions that if you give somebody some additional education on the cyber-front, they would be quite formidable in the workplace," said Gorman.
