Closing the cyber security talent gap
We have all seen the news before: there is a serious shortage of cybersecurity professionals in the market, ranging from 1 to 3 million unfilled security jobs globally, according to different estimates. It is clearly a problem that cannot be solved overnight, but it is deeply affecting companies.
CISOs face a two-fold problem: they need to decide how to minimise the impact of the security talent shortage to their daily operations; they also need to get their hands dirty and “be the change they wish to see in the world”, to paraphrase Gandhi.
As for the first part, there are definitely changes that companies can implement to minimise the number of resources they need. Companies should change the way they think about cybersecurity. An integrated approach to security helps reduce complexity and requires fewer resources. New technology, such as artificial intelligence, machine learning and automation is also helping companies reduce the effort needed to manage security, as shown in the Cisco 2018 Annual Cybersecurity Report. In addition to that, companies may augment their resources by outsourcing security. In fact, 54% of companies already outsource security advice and consulting, and 47% outsource incident response. Outsourcing these security services allows existing employees to work better, rather than spending all their time reacting to problems.
The second part of the problem requires investing in long term-solutions for the talent shortage, which means investing in forming the new generation of professionals. There are many public initiatives happening, but it is also essential that private organisations become part of the solution. Here are a couple of examples of how Cisco customers are doing just that:
Investing in early talent
NHL University, one of the largest universities in the Netherlands, with 25,000 students and 2,500 employees, is not only investing in forming cybersecurity talent but also benefiting directly from it. In addition to offering a cybersecurity course as part of their program, they actively encourage students to test the university’s network defences and report any weaknesses they may find. It is a brave approach, but not unheard of. Some companies even offer rewards to white hat hackers that can help them find gaps in their security.
Even if you are not in Education or Technology, you may be able to help form a new generation of IT security professionals. It can be something as simple as lending time from your security team to support existing projects in your area, or sponsor an employee to take on a cybersecurity course. You may also want to consider offering in-house training. Hackers will try many ways to breach a business; you need people who can think as creatively as hackers can, in order to close the doors to your infrastructure to unwarranted access.
Create your own talent pool
John Lewis Partnership, one of the largest retailers in the UK, implemented a cybersecurity academy to train their professionals to take on IT security roles. It is an opportunity for their staff, some of which started in their service desks or in their stores, to gain deeper knowledge in topics such as forensics, security operations and response, and grow their careers. Richard Goodman, who leads Networking, Security and Transformation at John Lewis Partnership, believes that by offering this training the company not only increases their talent retention but also benefit directly from having a steady stream of security resources.
JN Data, a medium-sized technology company based in Denmark, also invests in in-house training. It focuses primarily on upscaling the skills of their IT team members, currently working in areas such as service desk and infrastructure. While they invest in developing their own talent, they also recruit cybersecurity professionals outside of Denmark, in an attempt to reach a larger pool than what is available locally.
Watch the talent shortage panel discussion
You can watch the full panel debate that took place at Cisco Live Barcelona 2018. (The discussion about talent shortage goes from 4:22 to 11:54.)Tags: