Bridging the Divide: How Skills-Based Hiring Can Close the Cybersecurity Skills Gap

The cybersecurity industry faces a considerable talent shortage. More than 4.7 million workers are needed globally to adequately secure organizations, with 542,000 of those workers needed in North America, according to the latest ISC2 report.

That large number suggests an immense opportunity for cybersecurity workers to gain employment and impact an organization’s cybersecurity. However, the reality is a bit more nuanced. Cybersecurity leaders and hiring managers commonly report that trained professionals have cybersecurity skills, but not the right skills. As an industry, we have not adequately communicated what skills are needed, nor have we prepared the millions of workers required to effectively fill open roles.

The disconnect between traditional training approaches and actual job requirements frustrates everyone involved: job seekers, hiring managers and HR professionals. This costs organizations time and resources as they struggle to find and retain qualified security talent.

The shift to skills-based hiring

Skills-based hiring has been trending for a few years now as a solution to this problem, but 2025 will be the year when the industry sees real strides in this area. In November, the U.S. Department of Labor issued a Skill-First Hiring Starter Kit, and more than 100,000 federal information technology jobs will be impacted when the skills-based framework is implemented this summer.

The goal of initiatives like these is to ensure we’re building an agile cybersecurity workforce that can keep pace with the rapidly evolving field of cybersecurity. For example, the rise of cloud and AI has led to new skill demands. According to the ISACA State of Cybersecurity Report:

  • Cloud computing is the largest hard skills gap in today’s cybersecurity professionals
  • New skills — like large language model security operations (SecOps) and machine learning SecOps — are now among the top 10 skill gaps

Traditional training approaches often lag behind these trends and take a more universal approach to education, producing professionals who know many concepts but might lack the specific skills needed for a role. Skills-based hiring is a great way to counteract those issues, but that leads to perhaps the most important question: how do we identify those skills, communicate them to job seekers and validate those skills in the hiring process?

Creating personalized, role-specific skills

The path forward lies in personalizing skill development to match specific job roles at specific organizations.

Consider a security analyst position, which can vary quite a bit from organization to organization. A one-size-fits-all job description and training plan isn’t very efficient. For example, instead of requiring “experience with SIEM tools,” organizations should specify which SIEM platform they use and what analysis they perform daily. This transparency helps candidates focus their preparation and allows employers to better assess their fit for the role.

One way to start down this path is to create skill matrices for each role, mapping out required competencies at different levels of expertise. This helps both employers and employees track progress and identify areas for improvement. 

This does require more upfront work in defining role requirements — and then creating training plans for new and existing employees to master those skills. This investment has been a roadblock for many organizations in the past. However, new AI-powered tools are making this process more manageable, helping to automate the creation of role-specific learning paths and skill assessments. 

There’s no reason to stick with generic training approaches when personalized, skills-based options have become increasingly accessible.

Assessing candidates through skill validation

Organizations also need better ways to assess candidates’ practical abilities. While traditional interviews and certifications have their place, hands-on skill validation provides much clearer evidence of a candidate’s capabilities. This might involve technical assessments, practical exercises, or demonstrations of specific tools and techniques.

Organizations can also leverage modern training platforms that provide evidence of hands-on competency through recorded demonstrations, skill assessments and practical exercises. This allows those in the hiring process to watch candidates demonstrate their ability to use specific security tools or handle common scenarios before making a hiring decision.

This verification approach benefits everyone:

  • Job seekers can improve their abilities beyond what’s written on their resumes.
  • Current employees can demonstrate their growth and readiness for new responsibilities.
  • Employers gain confidence in their hiring decisions by ensuring candidates can execute the daily tasks required by the role.

Organizations should also consider implementing regular skill assessments for current employees. This helps identify training needs and ensures team members maintain the practical skills their roles require. It also provides clear pathways for career advancement, as employees can see exactly what skills they need to develop for their next role.

Building tomorrow’s security workforce

Success in cybersecurity hiring and upskilling requires thinking beyond traditional approaches. As the industry shifts to skills-based hiring, consider ways to reinforce that framework:

  • Encourage cross-training opportunities within your organization, where team members can shadow different roles and gain practical exposure to security functions.
  • Build partnerships with educational institutions to shape courses that reflect real-world needs.
  • Create mentorship programs that pair experienced professionals with newcomers, focusing on practical skill transfer rather than theoretical knowledge alone.

By clearly defining role requirements, personalizing skill development and validating practical abilities, organizations and professionals can work together to build a more effective security workforce. This will help fix today’s hiring challenges and create a sustainable approach to developing the right skills for tomorrow’s security landscape.

The key is to start now. Define your specific needs, create targeted learning paths and explore ways to implement practical skill validation. Whether you’re a hiring manager, HR professional, or job seeker, this focused approach to skill development will help bridge the gap between cybersecurity education and real-world job requirements.
