
How to Find Talent to Fill IT Security Roles in Your Business

By: Marla Ovenden-Cooper

Published On: September 17, 2021

For years the IT industry has been trying to address the cybersecurity gap, and although great strides have been made, there are still significant gaps in mid- to upper-level positions. There are specialized human resource positions and recruiters dedicated to filling these types of IT roles, all of which increases the cost of filling these positions. For that reason, it makes sense for businesses to ask: how can I find talent that may be the right fit for cybersecurity roles within my business? Finding talent within your business is not always easy, and it requires some investment and foresight. But considering the alternative of high-level positions waiting months to be filled and costly recruiting, finding internal talent makes sense.

Steps for Success 

  1. Plan training opportunities for junior staff members. Many IT professionals, cybersecurity professionals in particular, are voicing concerns over burnout. Although junior-level staff may not be as involved in serious events, these staff members often pick up any slack when events occur. As a result, staff can become overworked. No one feels like taking courses on their personal time after being overworked all day. Giving staff specific designated time to upskill in courses like the CompTIA Security+ training course or the CompTIA CySA+ training course provides them a break from their day-to-day work and increases motivation. Staff members who regularly participate in training will be learning new skills, and you will quickly be able to identify who may have the potential to fill mid- and senior-level roles.
  2. Require upskilling and training in your contracts for all entry-level staff. That is right: don't just plan time to upskill, make it a mandatory requirement. Mandatory IT training and continuing professional courses have become a staple in many industries. Just as doctors and lawyers are required to continuously learn in order to keep up to date, IT professionals should also expect upskilling to be a part of their career journey.
  3. Provide training to non-IT staff with a focus on information security management. Look outside your IT department and offer training on the framework you are using for your Information Security Management System. Whether it be NIST, PECB ISO 27001 Foundation training or COBIT, the foundational training courses for these frameworks often do not require technical knowledge. However, these courses may ignite the interest of individuals in other departments, who may then consider training to learn the technical skills needed to become cybersecurity professionals. There is really nothing to lose here: at the very least you have raised staff awareness of the importance of information security and how to manage it.
  4. Determine who loves learning. Cybersecurity and information management require lifelong learning. Individuals who express a true love of learning in these training courses and who are successful in implementing lessons learned should be fast-tracked to additional courses and certifications. IT and cybersecurity courses are more flexible than ever: with self-paced and online instructor-led courses available, gaining knowledge in a way that works for your company and employees has never been easier. Of course, providing regular training for staff can be disruptive and costly if you do not plan for it. But compared to the alternative of having mid- to senior-level roles sit unfilled for months, the security risks associated with this, and the high compensation you will be required to pay an individual to fill these roles, training an internal team member may be the better of the two options. There are often training grants available through the local government to assist with training costs.

Looking Forward 

The key to a succession plan that works is making training a key component of company culture. This means more than just allocating time and resources for training. It means following up to see who is enjoying the training and who is successful, and encouraging pathways for education that help staff fill much-needed roles within the business.


The information contained in this post is considered true and accurate as of the publication date. However, the accuracy of this information may be impacted by changes in circumstances that occur after the time of publication. Ashton College assumes no liability for any errors or omissions in the information contained in this post or any other post in our blog.

