Any CIO who has spent time trying to fill important cyber security jobs knows that this is becoming a serious challenge. It’s a problem that isn’t going away anytime soon.

Thanks to heavy competition for cyber talent across both private and public sectors, people with cyber skills can pretty much write their own tickets when it comes to where and for whom they want to work. The gap between available positions and qualified people to fill them is projected to reach as high as 1.5 million within the next few years.

So if your company already has some of these talented people working for you and you want to keep them – or if you’re looking to hire more – what does this mean to you?

A sense of purpose

First, whether your emphasis is on hiring or retaining, you need to offer these employees a sense of purpose, an enjoyable work culture, and ongoing challenges.

They want to know that the work they are doing is making a difference. It’s easy for anyone in the midst of their daily routine to lose sight of the ultimate positive impact on the business. It’s the job of the CIO or the CSO to make sure they are always cognizant of the value of what they are doing for the company and for customers.

That can take the form of being transparent with results, highlighting progress towards team goals, and through individual and team recognition. These can be turned into fun things that make for a positive work culture. It’s much harder to leave a workplace where you’re enjoying what you do and know you’re appreciated; it’s also very appealing to start or grow your career in a place like that.

Also important is keeping the work new and interesting. That can be achieved by giving people a chance to work on different projects, or by changing around workgroups and project teams, both of which give people a chance to collaborate in different ways and with different team members.

Ongoing training is a positive too, encouraging employees to enhance their skills through a company training program, or via an online library, or through outside continuing education at industry events or local universities.

You can make sure your people do good beyond the workplace as well. Younger generations of workers want their employers to make a difference, and you can accomplish that by encouraging, rewarding, and highlighting community involvement and positive charitable work.

If your company doesn’t have an official program like that, it would be a good idea to launch one. But at the very least, emphasize individual involvement in as many ways as possible. It’s good for retention and attractive to potential employees.

Looking outside the box

When you look at roles where the need is greatest, it is in areas such as software engineering, data science and analytics, data platform defense and authentication, and being proactive in terms of preventing fraud and assuring compliance. The key cyber tasks are becoming more analytical.

As a result, these roles can require different types of skills than CIOs have been accustomed to looking for in the past. With the right approach, this can be a way to work around the talent shortage, by seeking people outside conventional IT job functions. These may be individuals who have worked in finance or business development, customer service, even sales.

Their value is in their business knowledge and an understanding of how to work with customers, which translates well into cyber security areas such as compliance, auditing, and fraud. With a bit of training and development, these people can transfer their business acumen to detection, monitoring, and fraud prevention, for instance.

A good place to begin doing some talent mining with an eye on the future is in the universities. Many companies are working to build partnerships with schools locally and regionally to encourage more of them to offer cyber security programs, both at the undergraduate and graduate levels. Through internships and other support, it’s a way for companies to build a talent pipeline.

The outlook 

In the long run, the supply of cyber security-skilled people will increase to meet the demand. That’s the way markets work. We see it already, with more universities offering cyber training programs, and more students entering them, secure in the expectation that there’s a good job in their future.

The problem is, meeting the demand is going to take years to happen. So in the meantime, it’s going to be up to companies to be creative in their recruiting, increase their training and employee development programs, and increase their salary budget for cyber-related positions.