With countless cyber threats impacting today’s enterprises (ransomware, malvertising and malware, oh my!), security professionals have never been more valuable to their organizations. Unfortunately, the cybersecurity industry is facing a major shortage of expertise, with industry estimates suggesting more than one million unfilled security jobs exist worldwide.
According to analyst firm ESG, 83 percent of enterprises find it “extremely difficult” or “somewhat difficult” to recruit and hire security professionals. In this slideshow, Trustwave CMO Steve Kelley outlines several tips to combat this ongoing industry issue.
Overcoming the Cybersecurity Skills Drought
Click through for seven steps organizations can take to combat the ongoing security skills shortage, as identified by Trustwave CMO Steve Kelley.
Focus on Specific Skills
Encourage security employees to focus on specific disciplines.
The 2016 Trustwave Security Pressures Report found that 29 percent of IT decision makers wished to quadruple their staff from its current size. However, a better solution is to focus on quality over quantity. While security pros should be well-versed in every aspect of security, choosing a specific area to specialize in will help each team member contribute to the breadth of knowledge of the team as a whole. Advise your security team lead to encourage (or require) team members to complete a certification program in a specific skill area, if they haven’t done so already.
Invest in Cyber Education Programs
Commit to long-term solutions around cyber education.
Short-term tactics for decreasing the skills shortage (certifications, collaboration, automation, resource-friendly deployment models like cloud-based security and managed security services, etc.) are important, but the issue is too big to be a quick fix. From a bigger-picture perspective, investing in cyber education programs such as LifeJourney or Code.org is one way to make a lasting impact on the skills shortage. Exposing students to cybersecurity careers and helping them harness their technical skills at a young age is the best way to nurture the next generation of IT professionals.
Educate the C-Suite
The skills shortage is not exclusive to technical personnel. In fact, the issue reaches all the way to the C-suite. Failure to understand the needs of security personnel and the benefits of new security technologies limits the C-suite’s ability to infuse a culture of security across an organization. Direction comes from the top down, and if C-level executives don’t understand the critical value of a strong security team, it can be difficult to get the necessary approvals and dedicate the right resources to cybersecurity initiatives.
Consider Partnering with a Third-Party Provider
With emerging threat vectors and major cyber attacks and breaches in the headlines every day, security teams are under more pressure than ever before. While partnering with a third party isn’t right for every organization, delegating some security tasks (threat management, ethical hacking and penetration testing, security monitoring and response, etc.) to a third-party service provider can help take pressure off in-house security teams. According to the 2016 Trustwave Security Pressures Report, 86 percent of IT decision makers either already partner with or plan to partner with a managed security services provider.
Think Outside the Box
According to IT professionals association ISACA, over half (53 percent) of security pros say it takes three to six months to find a qualified candidate. This hiring timeline is far too long considering the wealth of qualified candidates hiding in college campuses and diverse demographics. Offering an internship for college students is a great way to cultivate fresh talent through longer-term training and full immersion technical practice.
With women comprising a mere 11 percent of the information security workforce, diversity in cybersecurity is still an enormous industry issue. Slight changes in hiring practices — such as removing gender-specific pronouns in job descriptions — can make a significant difference when it comes to unbiased hiring. Working with diversity initiatives like Ms. Tech can help establish your organization in different communities and validate your commitment to diverse hiring.
Take Advantage of Cloud Security Technology
The technology industry, security and beyond, is in the midst of a mass exodus to the cloud. Cloud-based tools offer a number of benefits to enterprises — they’re usually less expensive, more efficient and more scalable than traditional hardware. Cloud technology and resources reduce the skills shortage by allowing security professionals to protect organizations around the clock, without even being onsite. Cloud competency can bring a huge amount of value to any security team.
Look Beyond Human Resources
When the skills gap is discussed, the focus automatically goes to hiring practices and training programs. However, the key to overcoming the cybersecurity skills shortage may be a lot easier than we think. Rather than working to help the supply catch up to the demand, security pros can decrease the demand with quality applications and resilient computer systems. Cyber threats are not going away, so we need to develop strong technical defenses that will pick up where manpower leaves off. There are many emerging technologies in cyberspace, so be sure to maximize your security budget by investing in the right tools that will reap the most value.