GRC hiring is in crisis. What to do?

How can an industry that desperately needs more talent simultaneously have qualified candidates grappling to find a job? This is a perplexing situation in cybersecurity and the GRC sector today 🤔

A recent survey by Kaspersky highlights that it takes more than six months for 48% companies to fill a position, with senior roles taking even longer — up to a year 

Yet, there are plenty of pursuers waiting in these long queues to get a job, and plenty planning to exit the field (66%.)  In this edition, we unravel what’s behind this paradox.

Myopic hiring is locking out fresh talent

Nearly 31% of cybersecurity teams lack entry-level professionals, and 15% have no junior staff with 1-3 years of experience, highlighting a critical trend — many organizations are not interested in training and building a pipeline of next-generation talent, but poaching skilled workers from other companies. And this is where things start to get murky…

Only 10% of the teams report no cybersecurity skill gaps, which means only a short pool of skilled candidates gets redistributed as professionals migrate from one company to another.

To businesses, this comes as a temporary sense of relief, but in the long run, it suggests mere redistribution of the very short pool of talent, instead of its expansion.