The Cyber Ireland National Conference (CINC) 2024 took place on the 25th & 26th of September in Kilkenny. It was a fantastic event with over 450 cyber security leaders and professionals from over 150 organizations from the cluster across industry, education, and government. People and skills featured heavily on this year’s agenda, with a breakout session dedicated to ‘Securing the Future – Developing your Security Team’. Jan Carroll of Fortify Institute moderated the panel which also included;
- John Haren, Afiniti AI, and The Open University
- Joanne O’Connor, Senior Manager People & Organizational Development Hewlett Packard Enterprise,
- Daniel Murray, MD Cybershark Recruitment
- Denise Cassidy, Accenture European Cyber Security HR Lead.
The session delved into the pressing challenges organizations face to build, train, and retain cyber security skills to bridge the skills gap. Several core themes were explored, including the shift to a ‘skills-first’ hiring approach, leveraging internal mobility to upskill teams.
According to the Cyber Ireland Labour Market report, 66% of organizations had skills, recruitment, or retention issues, as highlighted by Daniel Murray of Cybershark Recruitment. The Cyber Security Salary Survey shows that 24% of participants say that basic salary is a motivator when looking for a new role, however, it could be argued that this is an incentive to move but not the main driver. The main drivers, as suggested by Daniel, are career progression (20%), training and development (14%), and finally, flexible working (15%) so people have a better work-life balance. He continued that problems often arise in recruitment as there are misalignments with job descriptions and expectations. According to the Cyber Security Salary Survey, the average tenure of people staying with one company is 2 years and 1 month. Interestingly, besides taking increased salary into account, 20.25% of professionals listed career progression as an important consideration when changing roles.
John Haren emphasized the importance of creating a program to assist cybersecurity professionals in their continuous professional development (CPD). He suggested that individuals start by identifying their key skill needs and utilize external frameworks such as NIST, and NICE to assess their current and future state and to plan their path forward. This should be done as a cyclical exercise, not just a one-off one. When the minimum skills/learning/certification requirements for each role are mapped out, this can help people navigate their CPD learning paths. Non-technical skills development is critical and gets more important as a career progresses. Organizations should take this up with individuals and offer opportunities to develop these skills at zero financial cost. Examples of CPD initiatives that have been particularly successful in upskilling cybersecurity professionals include security certification support programs, mentoring programs, and non-technical skills development.
Joanne O’Connor discussed HPE’s partnership with the World Economic Forum’s Talent Working group that produced the Bridging the Cyber Skills Gap Report, which Denise also worked on. An additional outcome from these forums as a global approach includes thought leadership on collectively tackling talent generation. HPE built its own ‘talent-generating’ program in the HPE Cybersecurity Reboot Program. The reboot program aims to attract people from other backgrounds and industries into cybersecurity, removing all barriers to entry. The program has brought 25 people through, with a 94% permanent employment rate. Future plans are to develop joint initiatives – bringing together other talent-generating programs. the goal is to collaborate to create robust, cross-continental exchanges of early cybersecurity talent. The bigger vision is to build a global network of early-career cybersecurity professionals by facilitating regular communication, shared projects, and mentorship opportunities. This collaborative approach demonstrates that collective action and resource sharing can drive significant advancements in cybersecurity workforce development.
Joanne also shared insights into managing an organization’s resources in terms of providing the necessary training and upskilling to stay ahead in the field. Joanne detailed a competency mapping strategy that while designed for a multinational, can be effectively scaled down for smaller teams. Here are the key points covered:
1. Understanding the Landscape of Your Organization
A foundational aspect of effective competency mapping is understanding the capabilities and skills already present within your team. Building a comprehensive skills database is crucial for identifying strengths, gaps, and opportunities across your organization. This helps to allocate resources efficiently and ensure that your training initiatives are well-targeted.
2. Building a Skills Database
Creating and maintaining an accurate database of employee skills is vital to making informed decisions about training investments and workforce development. Joanne highlighted several potential drawbacks of not knowing what skills your people possess:
- Misallocation of Resources: Investing in the wrong training or courses due to a lack of visibility into current skill sets.
- Lack of Clarity on Gaps: Without a skills database, it’s challenging to know where the organization is lacking key competencies,
- Over-Indexing on Skills in Specific Geographies: Organizations may unknowingly concentrate certain skills in particular regions, limiting flexibility and creating potential blind spots.
3. Designing a Competency Program
Joanne explained the steps involved in designing a competency program that could be adapted by other organizations, from large enterprises to small teams:
- Frameworks: Established frameworks, such as the NIST NICE Framework, the Australian Skills Framework, SFIA, and CIISec can be used as guides to understand the competencies needed for cybersecurity roles. They then built a custom framework tailored to their organizational needs.
- Leadership and Employee Buy-In: Getting buy-in is critical, but must be handled tactfully. Employees can be suspicious of skills assessments, especially when layoffs are a concern. Transparency and communication are essential to reassure employees that the initiative is meant to support their growth and career development.
4. The Role of Data Insights
Competency mapping is not just about building databases but also generating insights to drive decisions. Joanne discussed how the output of their competency mapping provided actionable data that benefited the organization in several key areas:
- Targeted Hiring and Training: Understanding the current skills landscape enables teams to be strategic about hiring and training, ensuring resources are used where they are most needed.
- Identifying Over-Indexing and Gaps: The data can highlight areas where and organization is over-indexed in skills or geographies, allowing leadership to make informed decisions to balance capabilities.
- Strategic Leadership Decisions: Ultimately, insights gained can help leadership make strategic decisions regarding workforce development and resource allocation, leading to more effective business outcomes.
Denise provided some key insights into how Accenture’s focus is on skills in the era of reinvention. There is currently a shift to ‘skills as the common currency’ by positioning skilling at the centre of talent strategy and investing in talent creation. Accenture believes knowledge is power, and organizations need to understand the skills a person has today and determine the critical areas for growth. They offer an enterprise-wide skills library as their single source of the truth. It also highlighted how they access a broader talent pool by focusing on skills and potential vs. pedigree and degrees. Scalable intervention is required to deepen existing skills for ongoing skill rotation and to invest in new skills. Denise spoke passionately about unlocking people’s potential. Transparency on skills and learning pathways opens up boundaryless opportunities. Overall, their approach to accessing and creating talent is everything skill-based.


Following on from Jennifer Cox’s session on the mainstage at CINC, Cyber Ireland recently hosted a webinar that Jennifer ran titled Practical Tips for Supporting a Neurodivergent Workforce, where leaders from the industry came together to learn how to create more inclusive and supportive environments for their neurodivergent employees.
During the session, we explored the unique challenges that neurodivergent individuals, including those with ADHD, Autism, and Dyslexia, often face in the workplace. Attendees learned practical strategies to help these employees thrive, such as offering flexible work arrangements, providing structured feedback, and adopting clear communication techniques. These actionable steps were designed to help leaders foster a more supportive and empowering culture in cybersecurity.
Jennifer also shared real-world examples of stories from her experience of companies that have embraced neurodiverse talent and seen positive outcomes as a result. These examples demonstrated the value of making small, meaningful changes, not just for the benefit of neurodivergent employees, but for the entire organization.
For those who attended, we hope you left feeling inspired and equipped with new strategies to implement within your teams. Supporting neurodiversity is an ongoing journey, and it’s one that requires both awareness and action.
Thank you to everyone who participated and made this webinar a success. If you missed it, check out the recording.
Let’s continue working towards a more inclusive future where all employees, regardless of neurodiversity, can thrive.
Helpful Resources/Insights:
Global Cybersecurity Outlook WEF report 2023
- Only 15% of all organizations are optimistic that cyber skills and education will significantly improve in the next two years.
- 52% of public organizations state that a lack of resources and skills is their biggest challenge when designing for cyber resilience.
- Half of the smallest organizations by revenue say they either do not have or are unsure as to whether they have the skills they need to meet their cyber objectives.
- Only 21% of respondents from the smallest organizations by revenue said they would close the skills gap by recruiting experienced cyber professionals; in comparison, 36% of respondents from the largest organizations by revenue said the same.
- just 24% of cybersecurity professionals aged 30-38 are women. For those aged 39-49, that figure drops to just 13%.
- 91% of organizations believe that there is a need to push for a more diverse range of people in the cybersecurity field
WEF CyberSecurity Talent Framework 2024
The initiative developed a Strategic Cybersecurity Talent Framework (CTF) featuring actionable approaches to help organizations build sustainable talent pipelines. The Framework was launched during the World Economic Forum`s Special Meeting in Saudi Arabia
- 71% of organizations have unfilled security jobs & global shortage of nearly 4 million jobs)
- 56% of organizations today struggle to recruit cyber talent
- 67% of cyber professionals would not recommend a career in Cyber)
- (44% of workers core skills are expected to change by 2027, Future of Jobs Report, 2023)