Leaders in the cybersecurity industry haven't exactly had it easy in the past few years. The lack of cybersecurity talent has coincided with a greater need for cybersecurity caused by rising threat actor activities and more destructive malware. According to the most recent ISC(2) research, there’s currently a shortage of 3.4 million trained cybersecurity workers available worldwide. But the reality is much more complicated than that. The priority is to find individuals with a blend of business knowledge and technical talents. To meet that particular requirement, leaders must play a significant role.
Specialization vs. the bigger picture
The cybersecurity environment is multifaceted, as is the product landscape. It's easy to become engrossed in what's happening in each domain: identity management, security operations center (SOC), extended detection and response (XDR), etc.
Because it is essentially impossible to grasp each of these individual disciplines on one’s own, it’s no surprise that there has been a shift toward increasing specialization as well as a push toward specialized certifications connected to products. The big picture, though, can be overlooked in all of this. Companies need people who can see the big picture and make connections between the various cyber capabilities available to organizations and clients.
One of the main causes of the labor shortage is that many professionals are too narrowly focused on obtaining certificates. They are seeking expertise in a certain product. They undoubtedly master a certain technology during that process, but they don't always possess the flexibility to cross that threshold and perform other cybersecurity tasks. Leaders can contribute to reducing some of these specialization siloes and broadening the scope of knowledge.
Leaders, lead the way
In terms of talent, organizations today must both build and buy. They should encourage team members to attempt new things rather than let their skill lie fallow. Someone might excel at XDR, for instance, but it's crucial to make sure they are exposed to various fields and develop new skills and have the opportunity to try out various security roles. And for individuals, this is an opportunity to raise their hands for new tasks and show leaders they have an appetite for exploring other roles and disciplines.
Encouraging a mentoring culture is another avenue. To accomplish that, you must develop the next wave of security talent by matching junior and more senior staff and then encouraging information sharing between them.
This must start at the leadership level, and it must be done in an organized manner to guarantee that it actually occurs and doesn't just become something that the organization professes to do but doesn't carry out.
Enlarge recruiting pools, seek external resources
Keep an open mind while recruiting and investing in talent. The spotlight is frequently on people who have recently received a degree, but don't ignore individuals who are further along on their career path. Even though they might lack specialized cybersecurity knowledge, they possess other important business and communication abilities (including critical thinking) and are capable of receiving training in the needed security disciplines.
Think about people with liberal arts degrees and other fields besides cyber and computer science. When it comes to certain parts of cyber, people with degrees other than engineering and computer science frequently contribute a fresh and distinctive viewpoint (such as research, tier 2 investigation, threat intelligence, threat hunting and similar activities).
Partners can address organizational gaps and enhance your existing resources. For example, you could outsource the necessary knowledge until you acquire it. You can rely on their technologies til you select which ones you want to buy. This will also give you more time to make some of the aforementioned investments without stressing out about holes in your security. And you might decide that collaborating with a partner is a better option to meet the specific needs of your business than handling everything internally.
Another avenue to think about is collaboration: private and public organizations working together to ensure better cybersecurity for all parties. In addition, there is the shared pool approach, where solutions may be shared to split the expense and the benefit.
Hiring and training to secure the network
Leaders in cybersecurity have the power to significantly improve the skills gap. One significant improvement is to diversify recruiting efforts by looking at people outside the computer sciences sector. Everyone wants to find the ideal employee, but in your quest for perfection, you may overlook other opportunities. You must provide the time and resources for people to develop.
You must also examine your methods to see if you are making the best use of people, processes, and technologies to address your perceived shortage. Perhaps there isn't a skill scarcity as much as there is a need to increase cybersecurity efficiency.
As concerns about cybersecurity grow, it's critical to assess your own security gaps, whether they relate to technology, personnel or both. After that, use your leadership position to make decisions, in light of your findings, that will protect your organization’s network and data.
Amit Gandre is CEO, Americas of Inspira Enterprise.