LatAm’s Self-Taught Cyber Talent Overlooked Amid Cyberattack Glut

Posted on by

To hire cybersecurity professionals, companies in Latin America are under a mandate to expand their search and foster the wide range of underutilized talent that exists in the region, especially as the threat landscape surges ahead of the global pace. 

That’s according to Ekoparty, a long-running annual cybersecurity conference that takes place in Buenos Aires and, more recently, Miami. The organization released a jobs report today, exclusively shared with Dark Reading, analyzing the cybersecurity talent market in Latin America. The report is based on a survey conducted with 605 Latin American cybersecurity professionals in an effort to identify relevant challenges as well as potential solutions. 

Latin America faces 40% more cyberattacks than the global average, and its vibrant threat landscape unfortunately continues to put defenders on the back foot. The reasons for this are complex and multifold; while LatAm organizations do broadly struggle with cyber maturity, the real problems are more specific. Brazil is a leader in establishing standardized mobile payment processing nationwide with its deployment of Pix in 2020, for example. But that has made the nation a hotbed for banking Trojans and phishing attacks alike, a problem only exacerbated by the proliferation of hacking kits that require little technical knowledge to deploy. It’s just one example of what nations in the region are uniquely facing, and the reality is that the talent pool as-is will not be sufficient to get ahead of the risk.

Related:Zscaler-SquareX Deal Boosts Zero Trust, Secure Browsing Capabilities

The primary conclusion the report reaches is that Latin America has a thriving cybersecurity community, but organizations must adapt to the realities of how these professionals train, work, and live in order to access that talent, and expand their hiring searches.

While many companies may believe that a specialized job area like cybersecurity requires a university degree, 70% of respondents said they acquired their skills through informal learning pathways such as online courses and on-the-job experience; only 44% held a university degree, and only about half (53%) held at least one certification. 

Additionally, while 79% work in full-time roles, 44% maintain a second related occupation such as research, teaching, or participating in bug-bounty programs. While some organizations may expect that their applicants exclusively work for the company applied to, that doesn’t necessarily reflect how the security community at large operates. 

Related:Torq Moves SOCs Beyond SOAR With AI-Powered Hyper Automation

These points speak to a larger thesis of the report, that there are underutilized opportunities for leaders to access large portions of the security community. 

This opportunity especially appears to be true for entry-level cyber professionals. About a third (35%) of respondents had fewer than three years of experience, an important consideration to make when so many security job listings can require a decade of experience in the field. Plus, women enter the field between seven and 10 years later than men on average, highlighting the need to address structural barriers to entry as well as an opportunity to further expand the talent pool.

The Bigger Picture: Fostering New Talent

And while security budgets perpetually remain tight, compensation was not the only factor that makes a prospective company seem appealing to candidates. Valuing employee well-being, offering flexibility in work arrangements (such as remote or hybrid opportunities), recognizing expertise, and providing job stability were also considered key factors that make up an ideal organization to work for, according to the survey. These factors offer just a few of the ways companies can make themselves appealing to applicants while remaining conscious of budgetary constraints, according to Ekoparty. 

Related:‘Stanley’ Toolkit Turns Chrome Into Undetectable Phishing Vector

“Ultimately, while cybersecurity demands a high level of expertise and commitment, professionals in Latin America are equally driven by the desire to build meaningful, balanced, and sustainable careers within a rapidly evolving industry,” the report read. 

That said, Federico Kirschbaum, a co-founder of Ekoparty, tells Dark Reading that there’s also a negative chicken-and-egg problem with security hiring: whether a company tries to make its first cybersecurity hire or even its 10th, the requirements tend to be for 10-plus years of experience, but with compensation levels that are not commensurate with that demand. That wards away candidates, and big holes in staff can remain if organizations can’t afford to offer higher pay. 

Companies in that position can meet professionals where they are, and instead foster skilled yet developing talent, he notes.

“Our pitch is, Hey, I think there are many people in this industry that come from an informal background in terms of learning,” he says. “They are proficient. They are not here only for the money, but also because they really love what they do. But to an extent, we need to make companies aware that if you want to grab this talent, you also need to retune your hiring so you are part of the learning experience. I think talent is being formed not only from the academia but also from the industry.”