Feeling the Security Skills Shortage Pinch? Look Beyond Credentials

Skills shortage
GreyCampus' Jane Thomson

Jane Thomson

By Jane Thomson, Content Marketing Manager, GreyCampus

From GDPR to the latest mega-breach, current events are driving home to organizations across the spectrum the need for robust, proactive security. Too bad that there aren’t enough information security professionals to meet all that demand. You’ve no doubt seen the numbers: ISSA/ESG’s latest survey on the topic shows 70 percent of respondents believe that the cybersecurity skills shortage has had an impact on their organizations. That’s up from 23 percent in 2014.

Organizations like the one I work with are moving as fast as possible to educate the next cohort of security pros. But until then, here’s a hint: Don’t just throw out more of the same old job postings asking for “X” years of experience and “Y” certifications; instead, seek out versatile technology professionals who are aware of the security situation, are eager to learn new technologies and have the soft skills to work in geographically diverse teams with colleagues of varied knowledge bases and technical expertise.

In my experience, partners are much better off finding someone with these five traits and investing in giving that person the security-specific education that’s most relevant for your customers.

  • Vertical-specific and technical know-how: If your business is providing communications services to health-care firms, look for people who understand how to assess a UCaaS product in light of HIPAA requirements, or know the rules around how a nurse may email patient data. If you serve hospitality, insights into PoS systems and Wi-Fi provisioning are invaluable. People who understand how to build backup systems to protect Office 365 are natural ransomware-busters. Individuals who hold relevant experience in a vertical field along with a grounding in technology can be taught how to spot malicious attacks — and even better, might have insights on how to better build systems to avoid opening holes attackers can exploit.
  • Problem-solving skills: When it comes to connecting the dots between existing technical competence and newly learned security skills, creative and resourceful people, aka problem solvers and good collaborators, have an edge. These are select applicants who are analytical and can make connections others may not. Knowledge about security procedures is good; the insight to proactively avert threats and recover fast is better.
  • A keen eye for detail: Natural infosec professionals have an investigative and inquiring nature. Employers need to understand that the cybersecurity process is not just about a policy-based approach toward prevention of cyberattacks; there is more to it. Think of the detail-orientation and technical know-how to do a thorough investigation, combined with education in best practices in responding to attacks. Someone who is naturally curious has the potential to grow into an infosec pro who can use forensic data to track and contain attackers.
  • Trustworthy, sensible and ethical: An employee charged with securing systems obviously requires a high level of privileged access, yet malicious insiders are a huge threat to companies. In the case of partners, security pros on your staff might have access to not only your own systems but those of dozens or hundreds of customers. Yes, there are tools to monitor people with privileged access, and we recommend them. But you need to …

    Pages:  1 2 Next

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 102289