Exactly one year ago this column predicted a conspicuously different year ahead for tech labor: twelve months of employers facing up to a single hard truth---a shocking lack of readiness for new blockbuster technologies like A.I., blockchain, and a variety of digital innovations. Moreover, we posited they would finally begin to tackle the problem in more substantive ways. And this happened in 2018 according to many of our indicators. More on this later.
Now employers face an even harder truth: it will be a long and perilous road ahead.
First, employers need to dig themselves out of the deep hole of years of futilely trying to squeeze performance out of HR management systems and outdated labor practices that lack the kind of agility, flexibility, and power required to do competitive combat in a labor market vastly different than the one for which these systems and practices were designed. Second, they need to build a new foundation on top of the teetering one they have in place now---all while keeping up with day-to-day demands of managing their current tech workforce.
What happened in 2018?
Volatility in cash pay premiums for tech skills in 2018---defined as the percent of skills changing in market value every three months---was the lowest in more than a decade. The 1,003 certified and non-certified tech skills tracked in Foote Partners' Tech Skills and Certifications Volatility Index averaged market value fluctuations of 23 percent per quarter in the last twelve months and just 20.3 percent from July to October. Contrast this with just two years ago when annual quarter volatility averaged nearly 25 percent.
This may be an indicator of a diminishing popularity in using skills premiums to solve problems that salary alone simply cannot. If so it's a good thing if employers are finally defining jobs realistically and compensating workers in these jobs appropriately. In other words, companies are starting to recognize that some specialized tech skills and competencies are now minimum qualifications for a job and should be compensated via salary instead of being add-on specializations that are paid outside of salary as cash skill premiums.
For example, our compensation surveys found that pay premiums for certified and non-certified cybersecurity skills showed little to no change while cybersecurity salaries were up nearly 8 percent on average nationally for the year.
Another thing we also found in our research is how much the constant frenzy surrounding short term skills gaps and unfilled jobs targeted at point solutions has quieted down compared to previous years. These deficits have not gone away. What has changed is how employers are dealing with them. For instance, a new emphasis on training and development of internal resources in becoming more popular as a long-term solution.
Training: the critical differentiator
The steep rise in recent years of tech skills gaps isn't going to crest anytime soon, especially in cybersecurity where there have clearly been serious weaknesses in the capability of enterprises to protect themselves from cyber threats.
A 2018 Cyentia Institute study, "Unraveling the Cyber Skills Gap & Talent Shortage", found that 80 percent of respondents do not feel adequately prepared to defend their organizations. 68 per cent of the 3,109 international tech professionals surveyed (81% working in cybersecurity) expressed doubts about their organization's readiness to thwart advanced threats.
Foote Partner's latest IT Skills and Certifications Pay Index provides ample evidence of employers' attempts to narrow the cybersecurity talent gap: the Certified Cyber Forensics Professional certification is earning the highest certification cash premium among all 458 reported in the Pay Index, averaging the equivalent of 17% of base salary. In the most recent October data update of our IT Professional Salary Survey-U.S., Cybersecurity Specialists with three years of experience are averaging $108,285 in base salary in 65 U.S. cities. Senior level cyber specialists with five years' experience are averaging $127,000.
The ultimate antidote to skills gaps is training. The problem is our research indicates over one-third of organizations don't allocate training funds and 54 percent of IT decision-makers aren't approving training to fill key jobs. This is a recipe for disaster going forward.
Employer paid training during normal business hours produces the best results
This same Cyentia Institute study concluded that organizations that invest in training show improved preparedness at both the employee and corporate level. The problem is that companies are not investing enough in training cybersecurity skills and especially not optimizing how training needs to be delivered.
More than half of the study respondents pay for their own training, amounting to at least $1,000 annually for 35 percent of those reporting. Only 15 percent reported that their employers cover all cybersecurity training expenses. 60 percent of respondents reported using personal time for IT and security training and only 13% of companies conduct training during normal business hours.
Cybersecurity skill sets are still evolving in training protocols, making hands-on experience in a cyber security environment more critical than ever for filling cyber security jobs. What's missing most are enough experienced security professionals skilled these areas:
- Threat Intelligence and Analysis
- Valuing Asset Inventory
- Access/Identity Management
- Audit log analysis
- Compliance and policy
- Secure Data Management
- Information Risk Management
- Process Optimization and Agile Controls
- Secure and defensive programming
- Network Security
- Business Continuity Management
Finally, a key finding in our own recent in-depth interviews with more than ninety Chief Security Officers and Chief Information Security Officers is an expanded definition of "security professional" that is being taken more into account in hiring decisions. It's a long list but it can be distilled down to these attributes:
- Ability to translate technology risk to business risk.
- Think business and learn business speak
- Understand your industry
- Be open-minded and think outside the box (be strategic and not just tactical)
- Develop your people skills and work at being trustworthy.
- Be able to write and present high-level concepts coherently and succinctly, keeping in mind the language of business
A common refrain in our interviews with our 3,300 employer research partnerships has been "We're going to need as many people as possible to 'hit the ground running' to meet the demand". That's going to be a tall order not to mention a bit unrealistic in the short term. The fact is it's going to take another three to five years to organically narrow the skills experience gap. Employers will get there because indications are that the money and incentives are sufficient to get vendors, employers, and training organizations focused on the solution.
The solution to tech workforce change in 2019
In 2018 senior executives continued to ask both tech leadership and business line leaders to be more accountable in managing large segments of technology talent---for designing, building, launching and securing new products and services that are largely technology based. With this accountability came more scrutinization of their performance as technology-business hybrids. Examples include advanced analytics (for making more informed decisions), greater security (against dreaded cyber-attacks), and capitalizing on fast moving trends such as blockchain, advanced data analytics, and digital innovation.
This places tremendous pressure on tech and business leaders to execute more predictably in unfamiliar areas. The gating factor is always talent. 2018 was the year of realization that they will only be able to execute with a dramatic transformation of the tech workforce to a more appropriately skilled group of professionals who are capable of a level of agility, flexibility and aptitude not commonly associated with their predecessors
We've observed that applying architecture principles and practices to managing the tech workforce has provided by far the most consistent, viable solutions to these systemic problems.
So-called Tech People Architecture (TPA) focuses on how key human capital management elements such as job definition and design skills demand and acquisition, compensation, incentives and recognition, professional development, and work/life balance plug into an overall optimized operational model. The model is tuned to new technologies, shifting business strategy and organizational imperatives, culture, and performance philosophies. Together they propel flexibility and scalability, like any disciplined architecture approach.
This is exactly what has been missing for decades in the HR functions at too many employers and it solves all of these problems and more:
- Reducing by 50% to 70% the number of tech related job titles necessary to plan and administer pay;
- Significantly increasing retention rates;
- Narrowing or altogether eliminating persistent technology skills gaps;
- Improving individual and team performance and more predictable execution;
- Increasing consistent availability and quality of skills and workers;
- Achieving higher utilization rates;
- Mapping out how workers can move more effectively through promotions and career paths
Why does TPA work when other solutions have not? Because architecture practices are familiar to both business and technology executives. Business architecture and technical architecture practices have been successful for decades. For the latter, when done well, companies have achieved an understanding of what they have systems-wise and could then connect it to where they were going and how they were going to get there, all within a process inclusive of all the various stakeholders who shared the risk in the outcome.
It's generally a five-step process and doesn't have to be a big initiative with lots of fanfare. In fact, we've seen Tech People Architecture initiatives dramatically improve the ability of companies to transform to new tech workforce models in specific domains such as cybersecurity, digital product development, cloud computing, mobile platforms, and big data analytics.
We believe that by this time next year we'll be able to report a number of TPA success stories in this space, and I'm looking forward to that.