18 May 2023

4 min read

Closing the gaps: how to tackle shortages in cybersecurity skills and talent

Cyber security
Closing the gaps: how to tackle shortages in cybersecurity skills and talent placeholder thumbnail

In this special edition of our Cyber Intelligence Briefing podcast, S-RM experts Paul Caron, Stephen Ross and Rhiannon Dixon – all leaders within S-RM’s US cybersecurity team – discuss the related issues of the cybersecurity skills gap and shortages in cyber talent. Rarely out of the news, the team provide insights and tips for organizations facing challenges bringing in enough cyber talent to their teams or maintaining their employees' cyber skills.


      Listen to the latest insider podcast

 Listen on YouTube


Why is there a talent challenge?

The spiral of rising demand for cyber talent, pushing up competition and wages for employers is a well-known challenge that many organizations face today. But why is there a talent shortage in cybersecurity, what’s causing the block? Paul sees two factors at play:

  1. Ambiguity still surrounds cyber. For many people, when they hear about cyber vacancies it feels very daunting and unless you come from a strong technical background, you might not understand that the cybersecurity profession is very far reaching and wide.
  2. Gatekeeping. We still see gatekeeping or badge protection mentality around breaking into the field. For example you might see an entry level position but the employers are asking for at least two to three years’ experience in cyber. For us, that’s contradictory.

In summary – broader education is needed about the cyber profession and its different facets and how to get into them. Additionally, cyber leaders need to be more open to identifying talent, diversifying where they look and who they hire – that’s the only way to stop the spiral.


What about S-RM as an organization – how do we tackle the challenge?

Paul explains that at S-RM to we pride ourselves in taking non-traditional hires and upskilling them through a defined programme of development. We make an active investment through the S-RM Academy where best-in-class talent, with the tenacity and desire to learn cybersecurity skills, are given training across disciplines including incident response, digital forensics, ethical hacking and advisory. This helps new hires to find their niche and ultimately make them successful in the various parts of our global business.


Skills in short supply?

In our Cyber Security Insights Report 2022, 35% of senior IT leaders and C-Suite professionals that we surveyed told us there was a lack of cyber skills within their organization. At S-RM we help businesses of all types and sizes to improve their cybersecurity maturity and that can include building out security awareness training to help close gaps within existing teams. However, Rhiannon provides some tips businesses can do immediately:

  1. Encourage your team to participate in the broader cybersecurity community. There are many groups out there that provide useful resources and access to inspiring professionals at the cutting edge of cyber. Alongside individuals broadening their network by accessing these groups, there’s the potential of opening up a pipeline of talent too.
  2. Encourage a culture of coaching. Organizations where leadership encourages coaching behaviors often have a more mature and safe cyber posture.
  3. Train all users in security foundations. Having the largest cybersecurity department won’t make you the most secure organization. Organizations are only as secure as their weakest link, so by investing in some reoccurring, real-time and ideally gamified security training for all members of the company that's not only going to improve security, it's also going to reduce the workload for the current security team.


Paul Caron, Stephen Ross and Rhiannon Dixon will be attending NetDiligence in Philadelphia this month – please come and say hello at Stand #1 or reach out to the team via email.


Cyber Intelligence Briefing

Stephen Ross
Stephen Ross
Head of Business Development, Americas

Steve is S-RM’s Head of Business Development in the Americas, coordinating both Cybersecurity and Corporate Intelligence practices. He has over 13 years of experience in the cybersecurity and intelligence fields working with the federal government, large enterprises, and small businesses alike. Steve got his start in information security through his time in the United States Marine Corps as a special operations signals intelligence operator and linguist. After leaving the Marine Corps, Steve transitioned to the private sector as a cybersecurity and privacy consultant.

Steve specializes in enterprise risk management, data privacy and security, and client relationships. He has a wealth of experience across multiple industries including technology, media and entertainment, and telecommunications. Steve has led numerous security risk assessments, written information security policies, and built cyber risk management teams across multiple industries and competencies. Steve has served as lead for incident communications, developed cyber risk-centric automations, and performed countless contractual reviews and negotiations.

Paul Caron
Paul Caron
Head of Cyber Security, Americas

Paul is S-RM’s Head of Cyber Security, Americas. Paul has over 20 years of experience spanning both the private and government sectors in roles across leadership, military intelligence and counterterrorism, and cyber security leadership & engagement delivery. Before joining S-RM, he was the Managing Director of Incident Response for a global consulting firm. In this role, he used his experience to help clients who were experiencing complex ransomware attacks.

After a career in the U.S. Army, where he was a subject matter specialist in various facets of the Intelligence and Special Operations fields, Paul joined PwC. At PwC, he was an engagement manager and focused on cyber security strategic transformation projects. He has significant experience advising Fortune 100 clients through proactive security transformation efforts and post-breach remediation activities. He has a strong track record of partnering with senior security leaders to mature their cyber security programs on their strategic journeys.

Paul holds an MBA from Norwich University. He was in the first graduating class of the Norwich University Strategic Studies and Defence Analysis program. He is also the co-author of “Security Supervision and Management: Theory and Practice of Asset Protection.”

Stephen Ross
Stephen Ross

Head of Business Development, Americas

Paul Caron
Paul Caron

Head of Cyber Security, Americas

Share this post

Subscribe to our insights

Get industry news and expert insights straight to your inbox.