For some time, employment statistics have pointed to a shortage of trained and experienced IT professionals specializing in network security. A recent survey from Janco Associates suggests that IT jobs are growing slowly, but that many of those jobs are in specialty areas such as security. Meanwhile, a SANS Institute study reported that organizations consider lack of appropriate skills to be a leading cause preventing them from establishing effective application of security programs.
The abundance of high-profile hacks and corporate data loss over the past year is certainly a spur to companies to beef up their IT security. But what can an organization do if qualified candidates can’t be found? Network security expert and analyst Jon Oltsik published an article that can help, “What CISOs can do about the cybersecurity skills shortage.” Oltsik lists four practical suggestions to help your organization manage through a skills shortage as well as attract the best candidates:
- Carefully assess the existing IT security organization
- Outsource or use services for something
- Consider the cybersecurity skills shortage in every decision
- Turn your organization into a cybersecurity center of excellence
By examining your current staff and processes, you can identify inefficiencies in your organization. As Oltsik says, “you may find that security professionals are doing manual audits of endpoint status or that security controls alterations take days to get through the security and IT operations workflow.” If your organization is performing such tasks manually, it might be time to consider a third-party auditing solution that can bring the benefits of automation to your security environment.
Oltsik also notes that an understaffed security team has little time “to learn the ins and outs of complex security technologies and can only babysit different security tools at best.” Naturally, it’s important to consider ease of management when you investigate any third-party solution, and it’s even more critical with security and auditing products. If your staff is already overworked, you need your monitoring solutions to provide you with the correct data and be easy to manage.
In the end, it’s always advisable to remember the human factor. You might not have the budget to hire additional security professionals, and if you do, the skills shortage might mean you won’t find the individuals to fill your needs. However, as Oltsik says, you can provide your existing staff with training and continuous learning opportunities, which improves both their skills and their job satisfaction. That’s what he means by creating a “cybersecurity center of excellence”: a place where IT pros will be happy to work and which will encourage others to want to work there.
Threats from cybercriminals continue to be a problem for IT organizations, so it makes sense to take advantage of every tool available to protect your important network resources and support your IT staff by doing so.