"While the individual may have a firm grasp of security technologies and concepts, they may not understand how to apply security logic within business context. Solutions have become more sophisticated, so we are needing more creativity and problem solving skills," says Burke.
Embrace soft skills
When hiring a cybersecurity professional, it can be easy to get caught up in the technical skills. But you also want to consider soft skills, which aren't necessarily taught in higher education programs. Since the biggest threat to security is usually other people, Fletcher Heisler, founder of online training site, White Hat Academy, and CTO at the non-profit organization Opportunity@Work, says cybersecurity pros need strong communication and interpersonal skills.
"In most cybersecurity roles, understanding what it takes to protect your organization with enforceable policies, training against social engineering attacks, and [implementing] relatively user-friendly systems is often even more important than any specific technical knowledge," says Heisler.
Soft skills are also important for IT leaders to land sufficient budgets, effectively communicate threats and inform other key leaders on cybersecurity trends. It can also mean having empathy for end-users to ensure you always implement user-friendly systems that won't bog down the less technically savvy employees, he says.
Tapping your talent pool
It will take a while for education to catch up to corporate security needs, but, in the meantime, there are other ways businesses can land the right talent. Oftentimes, the talent is already within your ranks, and all you need to do is "invest time and money" into those workers, says Heisler.
Employers should consider boot camps, seminars, workshops, part-time classes and professional development courses to get qualified workers up to speed on cybersecurity trends. It's quickly becoming the norm, with industry experts suggesting that specialized training programs will be an integral part of future cybersecurity education.
Allison Berke, PhD, executive director of the Stanford Cyber Initiative, an initiative to bring cybersecurity into undergraduate, certificate and informal education programs, says that the students often drive the demand for programs. If they're interested in machine learning, that will make its way into seminars, workshops and eventually the classroom. And part of that demand has also come in the form of online training and certification programs, which enable students and professionals to pick one specific skill to learn or improve.
"Last winter Kathryn Haun, a federal prosecutor with the DOJ, taught a course on digital currency and cybercrime in response to the Silk Road case, parts of which are still moving through the justice system. The future of education on rapidly changing technology is a mixture of traditional and online courses; seminars, workshops, and conferences; and student-led collaborations with industry and federal agencies to explore current problems," she says.
Sign up for CIO Asia eNewsletters.