Building And Energizing Your Cybersecurity Workforce

By Rhonda Capron, ‎EdD, Dean of Business and Technology, Capella University and Bill Dafnis, PhD, Associate Dean of Technology, Capella University

It’s becoming more difficult to identify and attract cybersecurity talent in the workplace. The 2017 Global Information Security Workforce Study (GISWS) by Frost & Sullivan suggests that the cybersecurity workforce gap is on pace to hit 1.8 million by 2022, a 20 percent increase from 2015 forecasts. According to the report, 68 percent of survey respondents in North America believe there are too few cybersecurity workers in their department, and a majority believes that it is a result of a lack of qualified personnel.

The GISWS study also revealed that nearly 40 percent of healthcare hiring managers are looking to increase their workforces by 15 percent or more this year. In the face of these demands, hospitals and healthcare organizations may want to consider more creative strategies to ensure they have a pipeline of competent talent in the months and years to come. Here are some strategic ways healthcare IT leaders can identify potential internal talent to upskill, recruit quality talent externally and cultivate cybersecurity skills across their workforce.

The Talent Supply Challenge

Cybersecurity is an increasingly important consideration for healthcare organizations today. Just look at some of these startling trends:

• The 2016 IBM X-Force Cyber Security Intelligence Index shows that healthcare remains one of the most-hacked industries.
• According to the 2017 Ponemon Cost of Data Breach Study, the cost of data breach per lost or stolen record in healthcare was $380 globally. This is substantially higher than the average of $141 across all industries.

Unfortunately, as these trends persist, healthcare IT leaders may feel that there isn’t enough cybersecurity talent to fulfill their workforce needs.

However, in context with overall organizational operations, there are typically a number of departments and personnel that coalesce when a cyber crisis arises. Exploring these areas of alignment can be the key for some healthcare organizations to unlock a more robust risk management program.

Revisiting the Recruiting Funnel

Healthcare leaders may be able to find the right person to fill a specific need or position from within the organization. This person could be in a department closely related to cybersecurity, or may have demonstrated some core technical competencies that suggest they could flourish with proper guidance, training and mentoring.

There are several tangible skills that organizations can look out for internally to identify potential cybersecurity talent across the healthcare workforce spectrum. Examples include:

• Healthcare IT background – Healthcare regulatory requirements and policies regarding electronics records are complex. Someone with internal IT experience may already have a solid industry foundation from which to build cybersecurity expertise.
• Supporting career paths – Those in other roles related to IT, such as data analytics, may also be involved with many of the internal processes that can translate into a cybersecurity role and understand where and how data are used internally and externally.
• Soft skills – When combined with technical training, competencies in areas like leadership and communication can also align for a position in cybersecurity. Employees with a passion for supporting and protecting the organization might be particularly interested in this type of role.

By making internal recruitment and development a strategic priority, hospitals and healthcare organizations may find themselves more equipped to handle cybersecurity talent shortages. However, when skills gaps persist, recruiting externally might still be necessary. It can also be beneficial in terms of bringing on personnel with fresh perspectives and ideas based on their own unique backgrounds.

Industry experience is a big consideration when it comes to outside recruitment. Having HIPAA credentials and familiarity with unique regulatory nuances, for example, can help an incoming employee get up-to-speed quickly. However, healthcare leaders shouldn’t discount other candidates with an applicable background or an inter-disciplinary area of focus. Depending on an organization’s unique cybersecurity needs, a candidate with experience in computer science, computer engineering or information technology might be an ideal fit.

Additionally, while cybersecurity specialists are in high demand, each employee plays a role in making their organization more secure. Employees in every position should learn basic competencies to protect and defend apps, data, devices, infrastructure and people from cybersecurity threats. It’s up to leadership to ensure their staff receives the proper training to be equipped in these areas.

Developing Cybersecurity Talent

As healthcare organizations seek to enhance and develop their cybersecurity workforce, it’s important to remember that the types of threats that pose risks are always changing. In this evolving space, cybersecurity professionals are lifelong learners. These professionals not only obtain certificates to help them hone and refresh their skills, but can pursue a degree to add to their understanding of evaluating and communicating business risks.

In the landscape of lifelong learning, it’s not uncommon for today’s healthcare organizations to use tuition assistance (TA) programs as part of their strategy to develop and retain employees. As a strategic focus, leaders might want to consider how they can better align TA programs with specific needs in areas like cybersecurity. To strengthen this association and focus, there are a few objectives to keep in mind:

• Leverage accredited competency-based programs – These programs can help employers affirm the competencies in their cybersecurity workforce that directly apply to their jobs. This includes both degree and non-degree programs.
• Think beyond traditional degrees – In cybersecurity, education will often go beyond the degree. Non-degree courses, skill-building sessions, live-labs, simulations and other training opportunities can help professionals keep their skills sharp and competencies up-to-date.
• Offer a flexible pathway – Cybersecurity and IT professionals are likely already working demanding schedules. Online, flexible learning platforms can help them to acquire new skills and advance their careers on a timeline that makes sense to them as an individual.

To facilitate this process, healthcare leaders today have the option of working with a learning partner who can provide counsel and strategic direction. Through this type of collaboration, a learning partner can implement strategies tailored to an organization’s unique cybersecurity or risk management needs. They can also implement training programs and curate courses to provide employees at-large with the basic cybersecurity tools needed to help keep the organization protected.

There is no such thing as a one-size-fits-all solution when it comes to supporting cybersecurity staff and other employees in their roles as lifelong learners. To face these complex challenges, healthcare leaders should consider their cybersecurity workforce needs in conjunction with their overall organizational mission and budgets. It takes a strategic commitment, but it’s one that can pay off in the face of workforce shortages, skills gaps, and growing cybersecurity threats.