Intelligent CIO Europe Issue 37 | Page 39


Much has been written about the cybersecurity skills shortage over the last 10 years, but one thing's for certain – it's not going away any time soon.

According to Gartner, 61% of businesses admit they are struggling to hire skilled security professionals, leading to the number of vacant positions worldwide currently topping four million. In the UK, the government estimates that around 653,000 businesses (48% of all in the UK) have a basic cybersecurity skills gap in their workforce, while 408,000 (30%) have more advanced skills gaps. In short, there's a big problem.

As an industry, this obviously presents a real and present danger, but how did we get into this position and, more importantly, what can be done to resolve it? This article will look at some of the main challenges associated with filling cybersecurity vacancies, before examining how businesses can retain their existing staff more effectively and build happier, more productive teams.

Tim Bandos, CISO at Digital Guardian

Unsurprisingly, lack of experience is one of the biggest challenges to overcome. In many cases, the hardest roles to fill are those that require extensive hands-on experience, such as senior threat hunters and incident responders, because it takes many years to become an expert in these fields.

While attending yearly SANS training courses can prove beneficial – and is highly recommended – it can't replace the knowledge gained from researching and responding to incidents within a real-world enterprise. It becomes even more difficult when trying to find qualified candidates with experience in responding to state-sponsored attacks. Understanding a threat actor's tradecraft and knowing what to look for as it relates to TTPs (Tactics, Techniques and Procedures) is an incredibly valuable and sometimes rarely acquired skill.

Cast recruitment nets wide – you never know what you might find

One mistake a lot of businesses make in their attempts to fill all kinds of cybersecurity positions is using the same old recruitment channels. Rather than posting ads and hiring expensive recruitment firms, look within your own networks, as well as in less conventional places. Some of the best and most qualified job candidates I've come across were people I met at security conferences, threat intelligence forums and, ironically, even Twitter.

Conventional job postings and recruitment firms definitely have a place, but in my experience, while they throw up a large number of candidates, few tend to have the necessary skills or experience needed for the advertised position. As such, looking elsewhere can be a much more fruitful way to find the right people for your business.

Retraining existing employees can be just as effective as hiring new ones

Sometimes the right person can be right in front of you but you just don't realise it. Retraining employees rather than hiring new ones can yield several positive outcomes. It gives that employee new skills and possibly lights a new fire to keep them motivated. It also avoids having to spend time and money finding new candidates that may or may not work out.

Additionally, current employees are already familiar with the company and culture, so they can immediately hit the ground running. As such, one of the first questions businesses should always ask themselves when looking to fill a position is, 'could there be someone already here that we can repurpose and grow?'