Blogs & Opinions 13.06.2024

Plugging the Cybersecurity Skills Gap With Contractors

Cybersecurity leaders face immense pressure to strengthen their organisations’ defences. Yet the industry is struggling to fill positions. Luckily, CAPSLOCK’s Dr Andrea Cullen has a plan.

The UK’s cybersecurity sector is still struggling to fill positions. The government estimates that 51% of UK companies lack basic cyber skills.

This shortage of cybersecurity professionals is putting a strain on teams, increasing the risk of burnout, leading to higher turnover rates, and ultimately widening the overall skills gap. As the cybersecurity threat landscape evolves rapidly and cyber attacks become more frequent and severe, cybersecurity leaders face immense pressure to strengthen their organisations’ defences. So, what can they do in this situation?

The obvious answer is to hire. However, filling cyber roles is already challenging. Recruitment teams may not fully grasp the necessary skills and can become overly focused on specific certifications instead of looking for valuable skills and experience. Finding the right talent can also be difficult due to a shortage of skilled professionals.

Prioritising bridging the skills gap

One immediate response CSOs and CISOs can take is to temporarily deploy certified cybersecurity contractors to fill team vacancies. This helps alleviate immediate pressure on teams by quickly adding headcount. It can be useful when struggling to hire permanent talent, navigating a hiring cycle freeze, or needing additional support on specific projects.

“CISOs could temporarily deploy certified cybersecurity contractors to fill team vacancies”

Cybersecurity leaders can avoid the financial pressure of permanent hires by deploying contractors who are typically engaged at a fixed daily rate. This approach also offers savings on traditional permanent hire costs such as recruitment fees, national insurance, pension, and holiday pay. It also allows companies to select contractors based on specific skillsets to meet exact criteria. This flexibility enables the hiring of contractors across various specialist and generalist roles, ranging from entry to senior levels. This can alleviate the financial burden on organisations, while ensuring the availability of specific skills and expertise.

Hiring cyber professionals as contractors can help address immediate staff shortages and build a diverse talent pool for future hires. By welcoming contractors, organisations can showcase their company culture, values, and practices, creating a talent network that is already familiar with the company. Working with an individual for several months allows organisations to assess whether they could be a good long-term fit. If suitable, organisations may choose to hire these contractors permanently, introducing a new team member who can contribute from day one.

Retraining cyber talent internally

Hiring cybersecurity professionals is not just about addressing the skills gap. It also allows organisations to tap into a wider pool of diverse skills and provides valuable opportunities for contractors to gain hands-on experience in cybersecurity.

However, organisations can also explore the option of developing the cybersecurity skills of their current employees through reskilling opportunities.

Reskilling existing employees to learn new skills is a great approach for businesses navigating the cyber skills gap. By finding individuals from the current workforce instead of relying on a limited pool of external talent, organisations can leverage their employees’ business knowledge and retrain them in specific areas. Not only that, but drawing from different functions and career backgrounds will bring in a variety of perspectives and experiences, enriching the overall skill set.

How to turn a skills shortage into an opportunity

Addressing the cyber skills gap will take time. CISOs who are dealing with this issue should therefore consider hiring contractors to rapidly expand and diversify their team with skilled workers, or they can opt to retrain current employees from different departments in the business who are interested in a career change.

The key lesson for the broader industry is that such initiatives offer a chance to explore non-traditional routes for nurturing talent, building a network of skilled professionals who have gained practical experience in cybersecurity and are ready for the realities of working in the industry.

The responsibility lies with cybersecurity leaders to create opportunities for a more diverse pool of talent to ensure a resilient and adaptable workforce. By removing obstacles to entering the field, they can establish a stronger industry capable of meeting future challenges.


Andrea has worked in cyber for almost 20 years in a number of roles, the most recent of which is as Co-founder and CEO of CAPSLOCK, an award-winning company that reskills adults into cyber professionals. She previously worked as a senior academic, co-authoring and delivering a GCHQ-certified Master's cybersecurity degree and publishing extensively in the area of computer science and cybersecurity. She has also spent time in industry working as a cyber consultant to public and private sector organisations. She was recently granted full membership of the Chartered Institute of Information Security and is passionate about helping the cyber industry become a more diverse place to learn and work.
