Back to Blogs
Blog Img

The challenge of talent scarcity in cybersecurity

​In the fast-paced digital age, cybersecurity has become an indispensable aspect of any organisation's operations. As businesses strive to protect their sensitive data and systems from malicious threats, the demand for cybersecurity professionals has skyrocketed. However, finding skilled practitioners in this field has proven to be a significant challenge.


Understanding the current landscape

Having worked with the Melbourne cybersecurity community since 2002, I have witnessed the evolution of the field firsthand. Recently, at a CISO conference, a recurring concern caught my attention: the scarcity of cybersecurity practitioners and its impact on businesses. This scarcity, however, is not a new phenomenon. Finding skilled cybersecurity professionals has always posed challenges, reinforcing the age-old saying that good people are hard to find.


Overcoming the talent scarcity

When it comes to finding exceptional security practitioners, trust-building emerges as a key factor. Cybersecurity professionals are naturally cautious about unsolicited outreach, making it crucial to establish connections through trusted sources. Sending a random message on LinkedIn, for instance, is unlikely to yield a response unless there is a prior connection or a referral from a trusted individual.


Unravelling the reasons behind the scarcity

The scarcity of cybersecurity talent presents significant problems for organisations. The market has seen exponential growth in security professionals, including those who cross-train in the industry. However, many lack the necessary depth and breadth of experience that organisations require. Cybersecurity demands not only technical expertise but also a strategic mindset and the ability to think like a threat actor.


The rise of specialist approaches

To tackle the talent scarcity challenge, organisations are increasingly approaching specialist agencies. I have had firsthand experience working with clients who have exhausted their internal hiring processes and turned to generalist supplier agents. However, for critical cybersecurity roles, this approach often falls short. Recently I filled a cybersecurity manager's position within three weeks using a referral chain, bypassing the use of SEEK or LinkedIn ads.


Advice for aspiring security practitioners

For individuals seeking to enter the cybersecurity realm, this is my advice.

  1. I emphasise the importance of nurturing natural curiosity and thinking outside the box.

  2. Given the constantly evolving cyber threats, having a mindset that explores different angles and vulnerabilities is invaluable.

  3. The cybersecurity field offers diverse roles beyond pure technical expertise. Opportunities in education, coaching, and training can be equally rewarding and impactful.


The scarcity of cybersecurity talent remains an ongoing challenge in our digital landscape. Employers must adapt their recruitment strategies to build trust and establish connections with top professionals. Aspiring security practitioners should cultivate a curious mindset and explore the various roles available within the industry.

Watch our Hot Tips & Insights video series discussing these points, in our video library.

Looking for a cybersecurity opportunity in Melbourne? Contact me here.

Latest Blogs