There’s a worldwide shortage of 3.4 million cybersecurity workers, putting many organizations at risk to fraudsters, according to the 2022 ISC2 Cybersecurity Workforce Study.

A group of credit union security leaders addressed that issue Wednesday at the 2023 CUNA Cybersecurity Conference with NASCUS.

Moderated by David Zuleski, chief information security officer at $7.3 billion asset MSU Federal Credit Union in East Lansing, Mich., the group identified several reasons for the dearth of cybersecurity staff in credit unions: A lack of qualified talent, turnover issues, wage gaps, resource constraints, limited opportunities for growth, and a lack of support from leadership.

Some ways security leaders are addressing this issue:

• Offer flexible work arrangements.
• Invest in training.
• Seek ways to automate certain roles or job functions.
• Collaborate with credit union peers.
• Partner with human resources (HR) to make sure good candidates aren’t needlessly excluded from cybersecurity roles. “Talk to HR about where you can be flexible,” Zuleski says. “Make sure your job descriptions are up to date, and be careful with auto filtering systems. Limit skill requirements to what’s critical to your organization.”
• Consider eliminating requirements for college degrees and certifications to increase the pool of available candidates.
• Focus on culture. People won’t stay in organizations that lack leadership support, metrics around security success, and flexibility.

Recruit diverse candidates for job openings.

“Cybersecurity traditionally has been nondiverse,” Zuleski says. “This is changing, but a gap still exists. “We need to go to job fairs and actively seek out diverse candidates.”