New Findings in the Development of a Cybersecurity Talent Pipeline

With nearly 8,000 open positions, Arizona faces a growing shortage of cybersecurity professionals. In order to address this growing shortage, businesses must accept a stronger role engaging with education and training providers to build the region’s talent pipeline.

Three years ago, the Greater Phoenix Chamber Foundation launched a Cybersecurity Workforce Collaborative comprised of employers who have cybersecurity as a key function of their business. Through this process, the Collaborative discovered that there was, and still is, no standard naming convention for cybersecurity job titles, making it very difficult to assess the actual workforce need. The group needed to create a standard language for Arizona’s most in-demand cybersecurity position, which at the time was a mid-level Security Analyst, and identify the competencies, skills, and certifications needed at all levels of the position.

Since cybersecurity is a fast-paced and rapidly changing industry, the Collaborative created a Talent Pipeline Management (TPM) Subcommittee this past spring. Developed using supply chain methodologies, TPM identifies employers as the end-user of talent, and therefore, finds that their hiring needs must be communicated to their suppliers (education and training partners).

The goal of the TPM Subcommittee was to determine if mid-level Security Analyst was still the most in-demand job and validate if its required competencies, skills, and certifications were still accurate. They convened employers in healthcare, utilities, and the public sector to collect and analyze hiring data, the driving force behind TPM.

Through data analysis, the subcommittee was able to successfully identify shared needs between employers. With a small sample size, the Collaborative was able to visualize the ongoing shift in Arizona’s cybersecurity workforce and highlighted new industry data points impacting employers and education providers.

Key Findings

  • Mid-level Security Analyst remains the most in-demand role.
  • Competency and credentialing requirements are shifting; credentials that were relevant two years ago are no longer as relevant today.
  • Critical thinking and collaboration are the most important employability skills.
  • A demonstrated record of skill and aptitude through hands-on experience is a necessity for employment.
  • The years of experience required to enter into a mid-level position has been reduced by 2-3 years.
  • Security clearances, which used to be a requirement in the private sector, are no longer needed; background checks are required across the board.
  • Currently, 38% of mid-level cybersecurity employees were internal employer transfers. Given that each industry is unique and often has specific industry certifications, many companies are upskilling their talent by providing cybersecurity education and on-the-job training.
  • There is no existing or intentional educational talent pipeline for cybersecurity; current employees have various degree titles from numerous institutions.
  • There is no apparent pipeline of employees entering cybersecurity from a specific job market, even though many employees came into cybersecurity from unrelated industries.

Questions that Need Answers

These new findings bring up some key questions that need answers.

  1. Without having robust education to employer partnerships, how do employers communicate with the various education providers that certain credentials are losing value, while others are gaining priority?
  2. With no universal required credential or job title language, how do industry leaders make career pathways clear to job seekers, allowing them to enter employment with the correct credentials and skills, accelerating time to productivity?
  3. If employers are lowering their hiring requirements in order to widen the candidate pool, how can employers attract candidates from other markets to ensure Arizona has the most qualified workforce?
  4. With no apparent “target candidate” for cybersecurity, how can industry leaders make a broad audience aware of cybersecurity career opportunities?
  5. With a desire for candidates who showcase competence through hands-on experience, how can employers provide work-place experiences, such as internships, to students?

In order to act on the findings of the subcommittee, Arizona needs more employers to engage in the process. If you are an employer who has cybersecurity as a function of your business, we have a seat at the table waiting for you.

This post originally published in AZ Cyber Talent.