Addressing the Cybersecurity Job Landscape
- Published: Wednesday, Feb. 13, 2019
The availability of candidates with the expertise to fight cyber crime is desperate. Year after year we are seeing this problem grow. Endpoint protection is no longer the sole focus of an organization’s defenses. Aside from the network’s basic infrastructure a cybersecurity professional will need to zone in on cloud security, software applications, data storage, insider threats, and end user education.
Organizations are grappling with multiple decisions including budgeting, justification and hiring dilemmas. After all, many cybersecurity professionals with the right skill sets already have jobs.
There are more jobs than the qualified people to fill them. So how can an organization overcome this problem?
One solution is to grow within. Allow your current IT staff to expand their skillset. Choose the individuals in your organization and reinvent their role. Provide the appropriate training and incentives (pay increases) in order to maintain a consistency and fluidity of familiarity with the environment and personnel.
When recruiting cyber security talent it is important to ‘look outside the box.’ You may not have the budget to hire a candidate with cyber security degrees and credentials. Look for candidates in other areas such as technical colleges or non-traditional roles. There will be multiple businesses looking at these individuals as well. You will need to offer incentives and enticements in order to stand above the rest. Target the minimum qualifications that you need to fulfill the position and avoid a laundry list of job assignments.
Hiring a ‘cybersecurity professional’ does not necessarily fill the needs of the organization. No more than hiring an EMT fulfills all of the medical roles in healthcare. That is why it is important to focus on the needs and goals of your organization in order to hire the right person for the job. Do you need a developer, data or forensic analyst, or chief security officer?
Many security tasks can be automated through the use of security software but this is no magic bullet. Without the security professional role it can be difficult to identify the areas that need manual focus.
One thing that many organizations take for granted is the feeling that they have nothing to offer to the cyber criminals and therefore, are not a target. Research will show that 61% of small businesses experienced a cyber attack in 2017. The crooks know that smaller enterprises may not have allocated the resources to protect their environment, so they become an easier target.
Let’s focus on getting K-12 schools trained for this increasing career opportunity. Developing more STEAM courses in schools is a great start. Getting involved in IT infrastructure, help desk, coding and software development are all good goals.