Workforce Development


Download the Workforce Development Guide:


Download the Workforce Development Checklist:


image of the Workforce development guide

Identifying Needs

  • Identify your workload requirements.
    • Evaluate the complexity of your operations and the speed with which actions need to be executed.
    • Consider surge capacity needs and whether advanced technologies can help reduce the attack surface.
  • Identify your workforce requirements.
    • Consider the competency, flexibility, and agility of the cybersecurity workforce in your organization.
    • Identify ideal reporting structures and highlight where multi-functionality is preferable.
  • Define the required knowledge, skills, abilities, and competency of your workforce based on the roles they occupy and the business functions they support.
  • Identify critical gaps in your organization’s existing cybersecurity workforce.
    • Employ existing tools such as the NICE framework to guide internal assessments of roles and responsibilities.

Improving External Recruitment

  • Strengthen job postings by writing clear, internally consistent job descriptions.
    • Use existing tools such as the NICE framework to highlight relevant skill sets.
  • Gather data on recruitment through the application process, capturing types of applicants and previous work experiences.
    • Systematize data collection and share throughout company to prevent silo formation and support talent sourcing and development.
    • Evaluate recruitment data periodically to identify gaps in outreach.
  • Rely on multiple indicators to assess candidate potential.
    • Consider implementing systematized hiring assessments.
    • Evaluate relevant degrees, certifications, and work experiences.
    • Avoid relying on one specific metric (e.g., a masters-level degree in engineering) when making hiring decisions.

Advancing Internal Training and Development

  • Develop career maps that highlight advancement tracks for your cybersecurity workforce
  • Identify pathways within your organization for retraining and repositioning talented staff into cybersecurity roles.
    • Consider potential nontraditional entry points into cybersecurity based on interest and ability.
    • Expand upskilling and retraining programs and incentivize transitions within your organization.
  • Encourage internal training and independent learning.
    • Open opportunities for continued education and skill certification.
  • Track data on workforce retention.
    • Evaluate retention data periodically to identify whether training and development programming is meeting employee needs.

Fundamental Approaches

Consider the following strategic approaches when developing a cybersecurity workforce.

  1. Expand the supply pipeline producing new talent.
    • Do you have relationships with universities and technical colleges?
    • Do you offer cybersecurity internships or apprenticeships?
  2. Identity and match existing supply with talent openings.
    • Is your human resources department effectively translating required skills into posted job descriptions?
  3. Retrain existing staff to become part of the cyber workforce.
    • Is your organization leveraging existing talent by shifting resources to its cyber workforce?
  4. Reduce the demands on your cyber workforce through technological innovation.
    • Do you have agreements with third-party service providers to create surge capacity during critical periods?
  5. Improve retention of the current workforce.
    • Is your organization investing in talented team members?
    • Does your organization allow interested individuals to explore careers in cybersecurity?
Please note...

You are leaving the website for the Carnegie-Tsinghua Center for Global Policy and entering a website for another of Carnegie's global centers.