How Australian cybersecurity organisations can foster innovation one role at a time

There are big benefits for cybersecurity businesses prepared to widen the recruitment net and invest in training promising candidates who have the right attributes.

It is no secret cybersecurity skills are in short supply in Australia. There has been a lack of job-ready candidates for several years. AustCyber’s 2019 Australia’s Cyber Security Sector Competitiveness Plan noted the need for an additional 17,000 cybersecurity workers by 2026, and demand for their services has intensified post-Covid as businesses and organisations have scrambled to protect themselves from an ever-growing array of threats.

The skills shortage is impacting both the supply and demand side of the cybersecurity industry. Cybersecurity vendors and service providers are drawing heavily on workers from other industries who have transferable skills to make up the skills shortfall and secure the talent they need to service their customers.

Many individuals working in the broader ICT sector are well-equipped to make the switch and hence have been prime targets for cyber firms seeking to maintain or increase their headcounts.

Same, same: Not different

It is all too easy for cyber organisations to keep hiring more of the same: individuals with roughly similar backgrounds and skillsets to the people already in their teams, but there is a downside.

With a modicum of training and mentoring the new hires may be able to perform their duties capably, but this hiring approach does not necessarily create a workforce comprised of individuals with a broad range of perspectives.

There is no shortage of evidence to show that teams high in diversity—of culture, gender, sexual orientation and life experience—are more innovative and better performing than more homogeneous versions.

For example, a series of reports by McKinsey over recent years has revealed that public companies with the greatest ethnic and racial diversity at the top are more likely to report financial returns above the industry average.

Building rather than buying skills

Increased diversity is a big part of the reason I would like to see more cyber companies have a change in mindset and open themselves to the possibility of building teams and skillsets from the ground up. In practice, this would mean training promising candidates to fill vacant roles rather than buying in the bulk of the expertise they require.

Doing things this way would kill three high-tech birds with one stone. It would go a long way towards alleviating the skills shortages impeding cyber organisations’ ability to grow. It would create more opportunities for individuals from non-traditional backgrounds to forge challenging and rewarding careers for themselves in an industry that is really hitting its straps. And it would allow organisations giving those individuals a start in the sector a better shot at building committed, high-performing, diverse teams.

Making the investment

So, where should cyber businesses that would like to walk the walk begin when it comes to diversity, inclusion and innovation? Hiring for attributes rather than experience would make a great start. Attributes like curiosity, initiative, lateral thinking and tenacity, for example, are all traits that can be harnessed to excellent effect in the cybersecurity industry in roles such as penetration testing, social engineering and analysis.

Quick, motivated learners can add value everywhere from marketing to customer success once they are au fait with the industry and its workings.

Getting rookie recruits up to speed may require more upfront investment than hiring individuals who can hit the ground running, but it can be money well spent, at least for organisations looking at the big picture.

Being part of the change

I am grateful my employer, Devicie, is one of them. With the support of its leadership team I segued successfully from the defence sector into a customer success role a few months ago, and a handful of my colleagues have made similar shifts.

We are excited to be part of a diverse, high-performing team that is transforming a home-grown cyber startup into an international success story with a corporate customer base spanning three continents, and growing.

How good would it be to see other cyber businesses solve their staffing challenges and reap the same diversity-driven innovation dividend Devicie is now enjoying?