India is among the top countries that have experienced fast digital adoption. However, the fast pace has made us vulnerable to cyberattacks and subsequently the need for more domain experts. With the growing number of cyber-attacks and data breaches, the industry is in dire need of skilled cybersecurity professionals. Despite the high demand for cybersecurity talent, there is a significant skills gap in the industry.

In view of the talent gap, People Matters spoke to Raj Sivaraju, President, APAC, Arete on challenges of getting and retaining cybersecurity talent in the evolving work world.

According to a survey by TeamLease, cloud developers and cybersecurity engineers have emerged as top roles that freshers can expect in HY 2023. Why is cyber security a place for new talent to come in?

The world today is advancing towards complete digitisation at breakneck speed. Although this accrues multiple benefits, businesses must consider its security ramifications. Organisations are allocating more financial and human resources to the sector due to this threat. The field is thus bustling with opportunities. Skilled professionals are in high demand, and companies are willing to pay high salaries for them. Therefore, the segment has multiple avenues for new talent to explore. 

Has India enough talent to fill the positions in cybersecurity? If not, what are the causes of the cybersecurity skills shortage?

A recent report by the World Economic Forum stated that 59% of business leaders and over 64% of cyber leaders think that talent recruitment and retention are the key hurdles in building cyber resilience. This fact underscores the glaring gap between the demand for skilled professionals and the number of employees willing to enter the field.

Several reasons may be contributing to this gap. This includes a variety of myths that surround the industry. For example, many feel that the job requires technical skills, so those from non-technical backgrounds cannot apply. This contradicts the fact that soft skills are in high demand in this sector. In addition, critical thinking, collaboration, and problem-solving skills are fundamental to successful teams because they assist people in working strategically and collaboratively to prevent risk.

What, according to you, are the preventive measures and strategies to bridge the talent gap in cybersecurity? How can organisations address the skills gap in this field?

We need to augment the training deficits in the field. The curriculum must be continually updated and kept in tune with the latest developments in the field. Employees should be educated on cyber security best practices within the organisation. As data breaches can happen at any level. Dissemination of information about the engaging and diverse nature of the job is essential to attracting highly qualified applicants.

At the level of the organisation, there should be a thorough evaluation of the skills and shortcomings of employees and teams. This will help address gaps and design comprehensive training programs well-suited for all members.

It is predicted that the necessary skill sets for the same job will change by more than 48% by 2025 in India. How can companies prepare themselves to avoid future skill gaps?

In this case, the first and foremost step is to challenge the normalisation of skill deficits. Companies should not take it as given. Identifying the obstacles to talent retention requires an audit of work policies and work cultures. Cybersecurity jobs require constant learning and gradually building a strong skill set for identifying and responding to cyber risk. Investments need to be made to properly train the workforce in cybersecurity and disseminate information about the hiring requirements to dispel myths. Talent that thrives on challenge would be ideal for a challenging work requirement.

What strategies have you found to be effective in attracting and retaining top cybersecurity talent?

In the fast-paced world of cybersecurity, attracting and retaining top talent is critical for organisations to maintain their security posture. An effective strategy for attracting and retaining cybersecurity talent entails offering competitive compensation packages, providing professional development opportunities, cultivating a positive and inclusive work environment, investing in cutting-edge technology, and building strong relationships with universities and industry associations.

• Fostering a positive and inclusive workplace culture is also crucial for attracting and retaining cybersecurity talent. Creating a supportive, collaborative, and flexible work environment can help employees feel valued and engaged, leading to higher job satisfaction and lower turnover rates.
• Investing in the latest technology and tools is another key strategy to attract and retain cybersecurity talent. Top cybersecurity professionals want to work with cutting-edge technology and tools that can help them stay ahead of evolving threats and improve their skills.
• Finally, building strong relationships with universities and industry groups can help organizations tap into a pipeline of talented and motivated cybersecurity professionals. This can include sponsoring cybersecurity events, offering internships and co-op programs, and providing mentorship and networking opportunities.
• Overall, these strategies can help organizations attract and retain top cybersecurity talent and maintain their security posture in an increasingly complex threat landscape.

What do you think are the most important qualities for a cybersecurity professional to have?

The most important qualities for a cybersecurity professional to have include strong technical skills, an analytical mindset, creativity, attention to detail, and strong communication and collaboration skills. Technical skills are essential for understanding computer systems and networks, as well as cybersecurity tools and technologies. An analytical mindset is important for assessing potential security threats and vulnerabilities. Creativity and attention to detail are necessary for identifying and addressing security threats. Finally, strong communication and collaboration skills are critical for working with stakeholders across the organization and communicating complex technical concepts to both technical and non-technical audiences. These qualities, in combination, enable cybersecurity professionals to identify and mitigate risks, develop effective security strategies, and maintain an organisation's security posture.