Solving the Puzzle of the Cybersecurity Talent Crunch
- By Sandeep Bhargava, Rackspace Technology
- March 04, 2024
Addressing the cyber security talent gap is like building a puzzle. Organizations must determine which pieces fit together and do what is necessary to find any missing pieces. Because with the absence of just one piece, the bigger picture cannot be clearly defined.
With an estimated cyber security professional shortfall of 2.6 million positions last year, countries in the Asia Pacific region are implementing initiatives to bridge the gap. For example, Singapore's Cyber Security Agency (CSA) has launched a program to provide foundational and targeted cybersecurity training for non-cybersecurity professionals to help them develop relevant skills. 10,000 training and testing slots will be available for Singaporeans desiring entry-level certifications in cyber security.
However, the impact of such efforts will not be instantaneous. Enterprises must undertake additional efforts and innovative approaches to address the shortage fully and meet regional organizations' cyber security personnel needs.
More flexible recruitment
When searching for the ideal cybersecurity candidate, companies should value a strong foundation in technical fundamentals combined with practical experience. Hands-on experience supported by proper training and mentoring should be prioritized.
Due to the high demand for skilled professionals and their limited availability, organizations should look beyond traditional options. Talent from different industries who do not fit the image of an ideal cybersecurity professional should be considered as long as they possess technical aptitude.
Candidates passionate about research, analytics, innovation, and in-depth problem-solving should also be considered. By embracing diversity in hiring, candidates from different industries can bring fresh perspectives through unique insights.
Retain talent through purpose and challenge
Aside from widening the proverbial fishing net of recruitment, it is equally essential to ensure employee retention. Salaries and remote work options are crucial for it, but so is an environment of challenging and interesting work and professional growth.
Regardless of their level within the organization, employees must feel they are making a meaningful impact on the mission. To empower them, creating an environment where their ideas are valued and seen as influential is crucial.
By allowing new ideas to flourish instead of uncritically adhering to traditional methods, employees may introduce new approaches to solving problems. For instance, a new hire may identify flaws in the authentication process or boost its alignment with user experience.
Aside from developing a sense of purpose for their employees, organizations can also encourage professional growth by identifying aspects of the security program that employees can take ownership of. This makes recruiting individuals who live and breathe the organization's values, vision, and mission doubly important.
Make automation work
Automation can also play an essential role in the current talent crunch. For instance, automation tools - including artificial intelligence (AI) - can free employees from repetitive tasks so that they can dedicate more time to generating value for the business.
Specifically, vis-a-vis cybersecurity, leveraging automation in detection and response solutions can significantly reduce the time needed to generate actionable responses. Meanwhile, the automation of incident triage and evidence collection allows teams to focus on more complex responsibilities such as developing playbook responses, conducting threat hunting and intelligence, and introducing innovative security technologies to the market.
In general, automation tools enhance the scalability of security programs by bolstering security teams' capabilities. At the same time, it helps employee retention by allowing cyber security staff to engage in fulfilling work by automating mundane tasks such as log file analysis.
However, dispelling the misconception that automation replaces human talent or renders it obsolete is crucial. Human involvement will always remain a vital component of security.
The jigsaw's final piece: External partnerships
Bridging the talent shortage requires organizations to take a more strategic approach to resource distribution. By honestly assessing existing gaps and available resources, companies will be able to identify areas where they can develop talent internally and determine the ancillary roles and skill sets that can complement security operations effectively. In addition, organizations can uncover the areas where external recruitment is necessary.
Organizations can leverage technology platforms and engage managed service providers to overcome talent gaps. By identifying core aspects of their security program - such as which aspects of architectural design should be done in-house - organizations can outsource those tasks that would be better with the help of external partners. It is important to note that the cheapest option may not be the best when outsourcing, as this may not provide the required skill sets.
While an organizational security program that has been enhanced and has matured under its Chief Security Officer (CSO) is ideal for any enterprise, the current talent and resource constraints must be considered. It is essential to be realistic and recognize that partnering with external experts extends the organization's internal team.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends. Image credit: iStockphoto/BrianAJackson
Sandeep Bhargava, Rackspace Technology
Sandeep Bhargava is the senior vice president for global services and solutions at Rackspace Technology’s public cloud business unit.