The latest in cybersecurity hiring, this CEO says, should be about accessibility

As the war between Russia and Ukraine continues and threats of cyberattacks loom, more companies than ever before are thinking about how to build up and build out their cybersecurity teams.

But while more people might be thinking about cybersecurity, Kevin Hanes doesn’t believe that this means the problem is getting solved.

“There’s more awareness, which is good,” the CEO of cyber training company Cybrary told Technical.ly. “I think there’s more probably being done, which is good, but at the same time, it doesn’t feel like the problem is getting any better, and that’s not good.”

Hanes even expects cyberattacks to increase. That translates to an even bigger need for cybersecurity talent in a field already seeking a huge number of new hires. Teams are spending a lot of time searching for the right people with the right skills to solve these problems. Still, that doesn’t mean they’re using the right methods.

Over the past few years, Hanes said, many teams and organizations are moving away from a need to deploy the latest and greatest tech. Instead, their current focus is on people and skills over anything else.

“If you think about what would be the best risk mitigation for the next dollar that you spent in cybersecurity, where would that be?” Hanes said. “In the past, I would have said maybe prevention, maybe detection, maybe mitigation. I would say now — and I think a lot of people would say — scaling up my team, getting a team and scaling it up, which is good.”

Cyber is an industry that changes all the time, as well, which makes it difficult for new and experienced talent to keep up. Hanes, for one, said there’s been a huge recent shift to defensive cyber — meaning that a company’s tech is stronger against a number of issues, instead of targeting a few types of hacks and ransomware.

However, he noted, this focus can make it difficult to find those who will best carry on the current work. Focusing on certifications is one of the quickest ways to search for talent, Hanes said, but it’s not necessarily indicative of any individual candidates’s skills since the industry changes so fast. Even current and skilled cyber professionals need to constantly learn how to treat new vulnerabilities or keep up with new threats.

Hanes acknowledged that this dynamic results in cybersecurity often being filled with cyber professionals and people interested in continuing education. That that doesn’t stop at those already in the industry: Many companies, according to Hanes, might have IT and network or system administration employees who are interested in moving into cyber. He thus encourages companies to invest inwards toward this potential in-house talent.

A commitment to ongoing training is even something that hiring managers can note in the interview process. Potential hires might be looking for these supports, as well.

“There’s a high level of attrition in the field, so [people think], ‘Hey, what if I invest in these people and they leave?'” Hanes said. “I would say, ‘Well, think about what the risk is if you don’t invest in them…that’s maybe a bigger risk.'”

While he’s seen people from all fields, technical and otherwise, make the transition to cyber (and hopes new talent doesn’t get discouraged), he noted that the industry’s intimidating image is a current hiring issue. A lot of the terminology and jargon is not only complex, but it’s militaristic and even masculine in nature. He hopes the industry and hiring professionals will  “clean up” their job postings accordingly as they move forward.

“I would hope that what all of us in the industry would do is really think about making it accessible for more people, because we all need that,” Hanes said.