How can the CISO tackle the challenge of talent shortage?

Year-after-year, apart from malware, the cybersecurity industry continues to face the major threat of finding skilled professionals.

It’s a crisis that has been validated by concerning numbers from different sources — a report in 2018 by the International Information System Security Consortium (ISC)² noted that the cybersecurity workforce gap had increased to more than 2.9 million globally with 59% of professionals observing that the widening workforce gap put their organizations at risk.

Another report in May 2019 by Enterprise Strategy Group (ESG) and Information Systems Security Association (ISSA) found that the cybersecurity skills shortage impacts 74% of organizations with 91% of respondents believing that their organizations were vulnerable to a cyber attack. A Frost & Sullivan report observed that the global cybersecurity workforce will have more than 1.5 million unfulfilled positions by 2020.

Alarming data

Closer at home in India, the trend is similar – between January 2017 and March 2018, job postings by Indian employers for cybersecurity roles increased by 150% according to research. The top Indian companies are actively trying to find ways to invest more in cybersecurity talent to plug this gap.

These are alarming numbers and represent a very real challenge for Chief Information Security Officers (CISOs) to address, all while ensuring they keep their representative enterprises safe from cyber threats. It’s a tightrope for CISOs to walk; here are some pointers on the best course of action they can take:

1. Identify attitude, not skills

When it comes to cybersecurity hiring, unlearning is the need of the hour.

Unlike many other functions, cybersecurity hiring cannot be based just on the basis of skills or certifications, mainly because this is a field where such skills can get outdated very quickly. Rather, there are some specific traits required in cybersecurity professionals — the ability to make sound decisions in crises, working in an organized and disciplined manner, understanding the importance of cybersecurity, etc. being some of them. When CISOs, in partnership with recruiting managers, hunt for cybersecurity talent, they would be better off hunting for professionals with these qualities and attitude, rather than specific skills.

2. Consider cross-skilling

As demonstrated in the last point, a good cybersecurity professional is someone who has certain qualities rather than specific skills. CISOs can consider cross-skilling to tackle the talent shortage in this space – they can try and identify talent within their own organization, providing them with training for cybersecurity. This will help in cost optimization while also enabling a better knowledge management program.

3. Upskill your talent through certifications

It’s not always required to have a huge cybersecurity team even if you have a vast enterprise with many endpoints. A solid small team who has the right skill sets and attitudes may be more effective than a bigger team that works in silos. However, it is important for CISOs to ensure that their current team members stay updated with the latest cybersecurity trends through certifications and regular training. Seqrite offers certification courses like Seqrite Certified Endpoint Security Professional and Seqrite Certified UM Professional, enabling professionals to demonstrate product features, configure security policies and deploy products in standard environments.

4. Consider investing in machine learning and automation solutions

Machine Learning, big data and automation are the buzz words of this decade and cybersecurity is no stranger to them. However, automation certainly provides great opportunities for CISOs when it comes to cybersecurity – by using artificial intelligence to scan huge datasets, it is possible to train systems to identify and take automatic action on anomalies. CISOs can consider exploring these options as they tackle the skill shortage.

The talent gap in cybersecurity is very real and organizations of all shapes and sizes are in the process of finding ways to bridge the gap. In the meantime, to ensure that their enterprises remain safe from cyber threats, they may consider deploying Seqrite’s range of powerful cybersecurity solutions to stay protected from cyber threats.