US Talent Deficit A Window of Opportunity for Mexico

US cybersecurity 590,000 talent shortage caused by a lack of competitive compensation, learning opportunities, poor recruitment processes and an outdated four-year degree qualification, has opened up the opportunity to import Mexican talent to a US$192 billion valued market.

In the US, 85 percent of the companies interviewed by New York-based IT consulting Gaper, mainly in cloud computing, security analysis and investigations and application security subfields, have reported facing a cybersecurity multi-year skill crisis.

Due to this cybersecurity talent shortage, companies have been encouraged to look for talent abroad. Such is the case of Bishop Fox, considered the biggest private offensive cybersecurity corporation in the US, which expanded its operations to Guadalajara and envisions hiring 100 Mexican cybersecurity professionals by 2023.

“We decided to open offices in Mexico — particularly in Guadalajara — given the city's long history with information technology tracing back to the 1960s, and the incredible professional and university talent located in the region. This city is the perfect home for Bishop Fox to hire and grow our world-class team of offensive security experts,” said the company.

Bishop Fox revealed that this decision was ignited by the necessity of finding and preparing talent to cover the high demand of ethical hackers to anticipate vulnerabilities identified in software systems and apps. This trend represents an opportunity for Mexico to export its cybersecurity talent and get on board with a market valued at US$192 billion by 2028.

One of the reasons for US talent deficit includes staff burnout, as the workload for cybersecurity teams has increased by 62 percent, resulting in more opened vacancies in cybersecurity-related fields, according to the statistical overview powered by the Information Systems Security Association International (ISSA). 

While 44 percent of cybersecurity professionals have reported a bad-to-worse situation, 95 percent agreed that the talent crunch and its consequences remain unsolved. To address this issue, experts from Gaper and Alpine Security have discussed skill shortage causes and their possible solutions.

Although experts from both companies have ruled out human talent shortage specialized in cybersecurity as a cause, Gaper has reported the profession is undervalued by its demand, resulting in low competitive compensations that fail to attract suppliers.

Gaper says poor HR recruitment processes is one of the causes identified for this hiring shortage.  

“ISSA’s report suggests that 29 percent of professionals in the fields find that HR in their company is likely to reject skilled applicants simply because HR personnel does not have the appropriate understanding of the skillset required. In addition, 25 five percent found that job advertisements for cybersecurity positions were impractical and expected unreasonable levels of experience, technical skills, and certifications from candidates,” reads Gaper’s report.

According to the New York-based company, it is crucial for hiring companies to be more aware of the importance of cybersecurity competitive salary, a skill-building culture, diligent HR recruitment and a better engagement of cybersecurity teams with companies' business areas.

Moreover, there is a prevailing outdated belief that a qualified candidate necessarily has to have a four-year college degree and this notion has driven the talent shortage to an exponential increase, argues Christian Espinosa, Founder and CEO, Alpine Security.

“Given the rapidly changing landscape of technology and education, colleges are struggling to keep up with the evolving field in cybersecurity. From my experience, most colleges are teaching cybersecurity courses using outdated methods and theory-based curriculum that leaves students unprepared for the practice of the industry,” said Espinosa in Forbes.

Espinosa says recruitment practices should redefine what it means to have expertise in cybersecurity issues through self-taught candidates that possess high levels of skills compared to professionals that have a substantial theory but lack the experience.