The world is experiencing larger volumes of cyberattacks that are continually advancing in sophistication. As government agencies and companies of all sizes proactively and reactively address cybersecurity challenges, the need for more experienced teams of experts is increasing. Unfortunately, the cyber industry failed to accurately forecast the future workforce needs 10 years ago, and today demand is increasing at a steeper curve than the number of available candidates.
According to Cybercrime Magazine, “[The] U.S. the cybersecurity workforce has more than 950,000 workers — with around 465,000 of them yet to be filled, according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce … Over an eight-year period tracked by Cybersecurity Ventures, the number of unfilled cybersecurity jobs grew by 350%, from one million positions in 2013 to 3.5 million in 2021.”
The article shared, “Every IT position is also a cybersecurity position now. Every IT worker, every technology worker, is (or should be) involved at some level with protecting and defending apps, data, devices, infrastructure and people. While many mid-sized to large organizations post cybersecurity jobs that go unfilled, a growing portion of the responsibilities for those positions are being absorbed by IT workers taking on security as part of their overall role.”
With digital transformation and cloud adoption, IT roles are changing to be less hands-on maintenance and more business consultant to help organizations think more strategically about how to leverage technology and improve data security.
According to an article by ZDNet about the changing roles of IT due to cloud adoption, which analyzed a recent survey of large organizations by Denodo, 72% of companies identified managing security, compliance and governance of clouds as top issues, followed by limited skills in managing cloud systems (62%).
“Security, compliance and governance will always be a challenge when first migrating to the cloud, as organizations will need a bird’s-eye view across both on-premises and cloud systems, simultaneously, and will need seamless ways to implement security and governance protocols across both systems.”
In an article about overcoming cyber talent recruiting challenges from SecurityWeek, one of the toughest challenges cited was finding the right talent for the right position, within budgeting constraints.
“Some companies make the mistake of asking too much from candidates — in the hope that one of them will match their needs. For example, when seeking an entry-level person, they ask for years of work experience and specific security qualifications.”
Credit unions, like many small businesses across a variety of industries, struggle to hire experienced cyber talent. They simply can’t chase the investment as it isn’t a one and done situation – the investments are ongoing to keep up with the rapidly changing and increasingly complex cyber challenges.
“We have a really good internal IT team, but credit unions simply can’t afford to hire all the specialists needed – network, database, help desk, cyber. We can’t always anticipate our future needs and can’t hire for everything,” Patty Campbell, president/CEO of the Sterling Heights, Mich.-based Christian Financial Credit Union ($849 million in assets).
Turnover among IT workers at credit unions is much higher than for other positions because, by nature, cyber professionals need to be positioned to continually grow and innovate, and credit unions just don’t have the capacity to meet those needs. They typically can’t afford experienced cyber professionals, so they hire younger, less experienced employees, who are more abundant and easier to hire, but don’t have the mentorship and training to meet the needs of today’s businesses, especially in the financial services industry.
Like other small businesses, credit unions have turned to vendors to outsource their IT and cybersecurity work. Credit unions have unique needs which is fueling growth in the number of CUSOs created to provide credit unions with the talent and tools, and most importantly, knowledge of the industry.
Campbell stated, “Working with a CUSO provides us access to specialists – they provide shared resources and experts knowledgeable about credit unions. While we have a great internal IT team, with a trusted partner, they have coaches and mentors we can leverage to develop our staff.”
CUSOs specializing in IT and cyber services are able to provide candidates with the cutting-edge technology, culture, higher salary, diversity in work through multiple customers, and peers with whom to learn and innovate – all of which credit unions are unable to provide on their own. But through partnerships with CUSOs, they are able to secure the support they need without the investment to build their own team of experts.
Due to the unique structure of CUSO model, credit unions are positioned to lead other industries in meeting the evolving demand for cybersecurity expertise, and provide members with secure digital experiences for modern banking.
Chris Sachse is CEO of Think|Stack, a Baltimore-based managed services CUSO specializing in cybersecurity and cloud solutions.