There's no easy fix to the cybersecurity skills shortage.
When Anna Vanegmond graduated from Notre Dame in 2014 with a degree in sociology, she had taken just one cybersecurity course, and making a career of it had never crossed her mind. Then she found out about PwC’s big push to hire and train people in the field. With her liberal arts background, signing on “was a little bit of a leap,” Vanegmond says. “But I always enjoyed tinkering with computers, and I was attracted to this because of its huge growth potential.”
There’s no doubt that potential is big. Not only are about 2 million high-paying cybersecurity jobs currently going unfilled worldwide, but the skills shortage seems to be getting worse as cyber attacks grow more sophisticated. A December 2015 survey of 435 tech executives by online training firm Cybrary found that about 70% struggle with a chronic lack of qualified hires, and 60% say the biggest hurdle to cybersecurity recruiting is a widespread lack of talent.
So how is PwC planning to hire 1,000 people worldwide this year for its cybersecurity consulting practice? Rather than lament the skills gap, PwC is trying to fill it. First, the firm has stepped up recruiting of new college grads—including not just people with STEM degrees, but liberal arts majors like Vanegmond, too—and zeroed in on veterans who are leaving the military and looking for private-sector jobs. And second, PwC is training them.
Like Microsoft and some other big companies, PwC sees the armed forces as a vast pool of tech talent just waiting to be tapped. “These are very smart people who have experience leading projects and managing people,” says David Burg, global and U.S. head of the firm’s cybersecurity practice. “They’ve proven they can complete complex tasks on deadline, and they’re good under pressure. Those things are hard to train for. It’s easier to teach someone cybersecurity.”
PwC’s training program starts with an intensive four-week course, in many cases leading up to the CISSP and other in-demand certifications. That’s followed by a series of other courses that employees are expected to complete while on the job.
Vangemond, who now works in the firm’s financial-services advisory practice, says her class of new hires arrived with a wide range of skills. They ran “from people with no more than basic computer knowledge, all the way to real techies you might call white-hat hackers,” she says. “It wasn’t all stereotypical cybernerds.” Her liberal arts background has come in handy too, she adds. “Part of my job is ‘translating’ highly technical information into plain English for clients,” she says. “Communication skills count in technical careers, too.”
The usual reason more companies don’t tackle talent shortages by training the hires they need, of course, is simply that they hesitate to invest in imparting technical skills that employees can then take out the door to a competitor. That’s particularly true in a field like cybersecurity, where demand for talent is ferocious.
But, according to Burg, PwC doesn’t worry about that. “A large number of our employees are ‘boomerangs,’ who leave and come back,” he says. Other alumni, he adds, go on to big jobs at client companies—like Eran Feigenbaum, now chief information officer at Google for Work—and maintain ties to their old firm.
“But our retention rate is pretty high,” says Burg. “Mostly, we keep people here by making this a really interesting place to work.” It seems so. PwC has made Fortune’s list of the 100 Best Companies to Work For for eleven years running.