Internal Development Key to Minimize Tech Talent Scarcity

The accelerated adoption of technology applications and solutions in the emerging digital-first economy has created a pronounced demand for cybersecurity talent in Mexico. The labor pool for this specialized talent is limited, however. Companies should consider the internal development of cybersecurity talent through career programs to proactively bridge urgent security needs in the increasingly hostile digital ecosystem, suggest industry experts.

“By sourcing and training talent from within their own organizations, companies have the opportunity to generate cybersecurity talent that already understands organizational processes and objectives,” said Valther Galván, CISO, Prosa.

The digital transformation inadvertently expanded the risk surface of companies, increasing the need for cybersecurity talent across all of Mexico’s industrial sectors. The observed and tangible implications of cybersecurity breaches over the past two years have clearly demonstrated that businesses’ budgets must now include cybersecurity investments. While Mexican companies have been proactive about their recruitment and retention efforts, companies are reporting that despite those efforts they are still having a difficult time sourcing talent. Furthermore, domestic companies are increasingly having to compete with international corporations that are beginning to nearshore cybersecurity jobs, as they too have a limited talent pool. As such, to appease current cybersecurity needs, companies stand to benefit from upskilling their existing employees, who already understand their organization’s digital infrastructure, processes and objectives.

Preceding this initiative, companies need to first conduct an “internal audit of talent skills, measuring their abilities against cybersecurity needs so that they can easily identify individuals with high-potential,” said José Arraiga, CIO, Tokio Marine. Nevertheless, there should be genuine interest on behalf of candidates to continuously learn and build a career out of this investment opportunity, said Galván. In other words, technical and soft skills can be developed and nurtured over time, but personal attitude cannot. Thus, attitude should play a decisive role in the selection of candidates, who must also demonstrate the ability to communicate effectively with executives and contributors alike so, when necessary, they can provide insights regarding risks for strategic business decisions and create security controls. Moreover, candidates must also display a natural ability to lead considering that “cybersecurity is a strategy that needs to be implemented under well-defined controls and strategies,” said Jenny Mercado, CISO, Betterware Mexico.

This implementation initiative should also consider the “coordination between Human Resources departments and Information Technology departments, so they can create added-value career development programs,” said Arraiga. This is crucial for the development of naturally progressive career pathways in line with cybersecurity needs and for the increase of talent retention rates, allowing the company to retain the employees it is investing so heavily to develop. The primary objective is to create incentives that will make contributors want to stay committed to the organization, something that cannot be overlooked considering that talent-poaching is at an all-time high. That said, companies should acknowledge that they are always at risk of losing their cybersecurity talent to competitors, lifestyle changes and sickness. As a result, companies should prepare “contingency plans such as training multiple candidates and have succession plans in place,” said Arraiga.

Looking towards the future, companies should also consider partnerships with universities and technical schools to accelerate the generation of cybersecurity talent in line with immediate skills they will need. This would be replicating an initiative currently observed by Mexico’s aerospace industry, which has proved to be fruitful for this sector.