NEWS + ADVICE
National Cyber Security Awareness Month
No matter where you look, you will hear something about cyber security. Hackers, ransomware, threats, intrusions, malware – no industry or sector is completely secure. To top this all off, finding the talent to protect, detect and mitigate breaches and attacks is getting harder each day, or close to impossible.
With the launch of Cyber Security Awareness month, we will be taking a look at a few of the most recent studies on the challenge of finding and retaining cyber security professionals. We will add to this feedback from several of the cyber security and hacker conferences we have attended over the last 18 months.
How critical is this shortage? In a recent study, 71% of CISOs said the shortage has done measurable damage on their businesses. One in four say insufficient staff strength — not the numbers of staff, but the breadth of their staff’s expertise — has damaged their reputation and led directly to intellectual property loss. This combined with reports of anywhere from 500,000 unfilled U.S. jobs to a predicted 2 million unfilled jobs globally by 2019, and we are in crisis mode for filling cyber security positions.
Many cyber security professionals have come to believe that there isn’t a skills shortage, but rather a communication challenge. Attend any security conference from BSidesLV to DerbyCon, from Shmoocon to ISC2, and the conversation is more about how difficult it is for information security professionals to find the right position and the right company. It takes on average 16 months to fill a position, but the average tenure of an IT or security professional is 13 months. Employers are not only not filling their positions, they are barely keeping up with their attrition.
Is cyber security recruiting and retention different than any other industry? The experts disagree on this. Some say that recruiting technical talent is a skill set unto itself, while others say that technical recruiting is about being a good relationship builder and communicator with audiences that are hard to find. We will look at how recruiting for this hard to find talent is exposing some critical challenges in recruiting overall.
What is the answer? Many say we need more education, certification programs, and a new government nomenclature. But do we need all of it? None of it? To start all over?
Looming on the horizon is also the possibility of automating many of these processes and taking out the human element of the equation. But then again we will have a new skill set needed to monitor the automation.
Join us as we explore each of these questions and provide a few answers to help with your cyber security recruiting.This entry was posted on Tuesday, October 04, 2016 3:54 pm