Cyber Talent: It is more about Talent than Cyber

1 October 2020 Information Security

The annual security workforce study conducted by ISC2 has found that while approximately 2,8 million professionals currently work in the cybersecurity field around the world, an additional four million trained workers are needed to fully bridge the skills gap and properly defend organisations against threat actors.

In other words, there are simply not enough skilled professionals to keep up with the level of sophisticated threats and attacks that we are seeing. And this huge gap is only going to widen.

So, what can we do to address this imbalance? One option is more sophisticated and automated technologies, helped by the development of AI, for example. However, cybersecurity is more than just technology; in fact, it is the human element that makes the difference. There is clearly a need for both training and certifications for newcomers to the field, and for current cybersecurity professionals to enhance their proficiency. Also crucial is to increase awareness of cybersecurity itself to a wider audience, helping non-technical staff become the human firewall every company needs to face current and future attacks.


Joe Robertson.

I believe the most critical factor for increasing cybersecurity recruitment involves the image cybersecurity conveys. There is a misunderstanding of what cybersecurity requires when it comes to skills. Of course, there is technical knowledge that must be acquired, but just as important are soft skills: the ability to prepare, analyse and learn, prevent and protect, adjust, and react.

Cybersecurity professionals are mostly seen as young nerds (usually male) behind their screens, working away in a dark room as they combat hidden evil forces, dealing all day with complex statistics, numbers, and technologies. That’s not completely wrong, but it’s also not the total reality.

Diverse backgrounds required

The truth is both women and men make excellent cyber professionals. They come from a wide variety of backgrounds and profiles, and any age group, too. It is very important for the future of our industry to shift the perception of the cybersecurity professional to an inclusive image of men and women of all backgrounds. In the long run, this is one of the keys to minimising the global cyber talent gap. We must attract applicants from the widest possible pool of talent.

As an example, with so many attacks being based on social engineering, it is necessary to employ psychology, analytical skills, creativity, and even cultural awareness to perceive, understand, and anticipate these techniques.

As most cybersecurity professionals work within a team framework, communication skills are paramount to efficient operation of the team. But it’s more than just communicating or sharing information; an open mind for input from other team members and the ability to collaborate to achieve team and personal objectives are just as important.

Awareness and concern for privacy, process, and or tailor-made proposals could be found in a number of profiles that are rarely considered by recruiters, such as doctors, lawyers, or salespeople. If a candidate has a taste for new technologies and an awareness of cybersecurity implications in all areas of everyday life, you have in front of you the perfect profile to evolve in the cybersecurity professions.

And there is quite a varied cybersecurity playground for them to express their skills and creativity. Consider, for a moment, grouping personalities into three broad categories:

The Explorers: those who prepare the ground, analyse the threat landscape and its evolution, and anticipate the best architecture to put in place. They are particularly good in analysis, psychology, and communication. They may develop these skills in many personal areas such as puzzles or escape games. A good fit as a job in a cybersecurity environment could be as a security consultant/advisor, security analyst, or in the security/compliance office.

The Designers: here we find those who define the architecture and make sure it is efficient and accurate so as to block as many threats as possible, but also to respond and react to attacks. In this category, soft skills such as leadership, collaboration and an analytical mind are important. These people may enjoy large tasks with lots of detail and teamwork, such as playing music or making videos. We meet these profiles in jobs such as CISO (chief information security officer), security project manager or security architect.

The Builders: the builders are definitely those who are on the ground and minimise the impact of an attack. They show great capabilities in creativity, privacy concerns, psychology and they are level headed. They may enjoy building models or electronics in their personal time. They could easily express their skills as security specialist, security engineer, or security administrator.

This simple categorisation is merely an attempt to show that the most represented functions we see in the cybersecurity sector call on a wide variety of skills. These categories will surely evolve, since the cybersecurity landscape itself is evolving with technology, the growing attack surface, and the sophistication of attackers. And, to be sure, there is also a lot of permeability between the profiles. But the bottom line is that we must raise our sights to focus on more than just technical knowledge.

Soft and technical skills

Considering soft skills as an essential link in filling the cybersecurity professional skills gap is crucial in the recruitment approach, but also in the evolution of talent within the company. Training and certifications are there to provide the essential technical layer, but they will never be able to provide the soft skills that are needed to gain an intuitive feel for the threat landscape of today and tomorrow. Identifying candidates with those skills takes sensitivity and flexibility in recruitment and promotion.

What experiences have you had with finding cybersecurity professionals with unusual or non-stereotypical backgrounds?




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.