Attracting and retaining IT and cybersecurity talent

Australia is facing a skills shortage across a broad range of industries, from labour to health care, and more. However, the Information Technology (IT) and cybersecurity sectors are disproportionately feeling the impact.

The pandemic upended traditional workplace arrangements. There is now proven success in flexibility, and together with industry skills shortages and surges in offers and salaries, people are rethinking their working lives. As a result, the market is being tested.

Organisations, and entire industries, are experiencing enormous changes with the acceleration of digitisation. This rapid shift means demand is outpacing supply.

The solution doesn’t lie with individual organisations — it’s a challenge Australia needs to face collectively. If the skills gap continues to widen, our ability to compete on a global scale could be heavily affected.

Migration plays a major role in Australia’s economic success, and migrants have long been an invaluable source of talent procurement in IT and cybersecurity. However, COVID-19 made it painfully obvious that we must be able to look inwards to fill the skills gap, as relying on immigration as a lever is expensive, time consuming, and prone to disruption.

We can’t sit back and wait for a remedy. The current crisis needs an immediate solution.

The impact of the skills gap

The lack of available talent is putting upward pressure on salary expectations, career development, training, and diversity of opportunities. As a flow-on effect, increasing salaries for newly acquired talent creates disparity of salary, and sometimes conflict, between existing staff members. This can lead to existing experience being perceived as less valuable than new talent acquisition.

Being prepared for, and able to keep up with, the pace of change brought on by the acceleration of digitisation is not the only area heavily impacted by the gap.

The cybersecurity sector is in relative infancy; however, threats are growing and diversifying. People, government agencies, and entire industries are going digital at an unprecedented rate which both expands the attack surface and creates a need for IT and cybersecurity roles that are difficult to fill.

The Australian Cyber Security Centre (ACSC) cyber threat report found a 13% increase in cybercrimes reported in 2021, while the latest passing of the Critical Infrastructure Bill expanded the list of industries requiring mandatory cyber reporting and protections; further evidence of the increasing threat. This list now includes defence, health care, banks and financial services, and more.

The federal government’s Secure Australian Jobs plan addresses the need for increased university places, boosting apprenticeships and traineeships, and wage increases. This is all valuable in the fight to tackle the gap, but there is a crucial piece missing.

It’s not good enough to acquire the talent to fill the shortage. The talent must be retained.

Closing the gap and retaining the skills

There are strategies that can identify the best way to secure and retain the necessary skills.

Strategies to improve the work experience can be broken down into three broad areas: investment into training; automating the mundane; outsourcing, in-sourcing, and specialist engagements.

Building up the skills base within an organisation is an important step; however, this requires prioritising skills training as well as the significant investment of time and money.

There are few things more disheartening in the workplace than having to perform the same simple, repetitive task over and over. People should be hired for their talent, and this means they should be presented with opportunities to constantly learn, grow, and move on to more complex activities.

Often incorrectly synonymous with humans being replaced by machines, automation is increasingly used to drive operational efficiencies, streamline administration, and speed up time to market.

Outsourcing, or obtaining goods and services from a third party, is often used to get better services, at a lower cost, for skills that are not core to the business.

Across almost all industries, IT is a core business function and required skillset. As a result, many organisations are beginning the process of in-sourcing — the assignment of a project to a person or department within a company rather than to a third party. Depending on what is best for the organisation, this can be done holistically or selectively.

In-sourcing allows for greater control, ownership, and progress, but there are situations that benefit from selective in-sourcing and/or specialist engagement. For example, depending on an organisation’s scale, priorities, or strategic direction, it may benefit from outsourcing generic, low-skill, or volumetric work while in-sourcing specialist or domain expertise.

Software-as-a-service (SaaS), especially in the cybersecurity space, can provide a silver lining for organisations struggling with skills and capacity in their teams. Relying on the provider for platform health, capacity and high availability allows for increased focus on policies around cybersecurity and business function.

Leveraging automation in SaaS security increases the ability to scale more efficiently than with smaller teams supporting advanced controls deployed across a number of services. This provides the best of both worlds, effectively outsourcing the unsophisticated work of maintaining platforms and capabilities while at the same time retaining the skilled work that requires detailed business knowledge.

The need for IT and cybersecurity skills will continue to grow across every industry. Adjustments to methods of acquisition and retention of critical skills will play a vital role in ensuring the gap is closed, and then maintained.

Image credit: iStock.com/Dmitry Kovalchuk