By James A. Martin
With the tech sector booming and unemployment low, cybersecurity talent can be hard to recruit and retain. The implications for business resilience are particularly worrisome.
Career website Cyber Seek estimates more than 300,000 cybersecurity jobs remain unfilled in the U.S. It’s predicted that by 2021, there will be a global shortfall of 3.5 million cybersecurity jobs, according to Cybersecurity Ventures. There’s even a bipartisan bill in the House of Representatives, the Cyber Ready Workforce Act, designed to address the cybersecurity workforce shortage crisis.
C-suite executives say the inability to “identify and fill gaps in cyber talent,” along with the capacity to build a “cyber-savvy workforce,” are among their top concerns in regards to business resiliency, according to a Business Insurance study. Here’s what you need to know about the impact of the cybersecurity talent shortage on business resilience, security, cloud computing and other IT functions—and what you can do about it.
Given the accountability business leaders will likely place on IT and security teams, coupled with the talent shortage, businesses must find ways to do more with available resources.
- IT teams will be held accountable
A recent survey that Qualtrics conducted on behalf of Sungard AS found that 40 percent of respondents believe their organisation’s leaders will hold IT teams accountable for cyberattacks or breaches. Security teams ranked second, at 23 percent. A recent survey that Qualtrics conducted on behalf of Sungard AS found that 40 percent of respondents believe their organisation’s leaders will hold IT teams accountable for cyberattacks or breaches. Security teams ranked second, at 23 percent.
“Given the accountability business leaders will likely place on IT and security teams, coupled with the talent shortage, businesses must find ways to do more with available resources,” says Shawn Burke, Global CSO at Sungard AS.
- It’s hard to find experienced cyber talent in SaaS integration and network architecture
“As businesses increasingly move to a cloud-first, Software-as-a-Service (SaaS) computing infrastructure, it’s been challenging for enterprises to find cyber talent with skills in this area,” says Chris Fielding, CIO at Sungard AS. “Often the expertise needed is in demand by other organisations, which makes these skilled professionals hard to snatch up,” she adds. Similarly, companies face talent shortages in network architecture, too. “A cloud-first strategy puts different strains on the network and requires a rethinking of methodology,” a skill set not yet plentiful in the cyber talent pool, Fielding says.
- Strong communication skills are needed—but can be in short supply
“Being able to defend a technical recommendation based on tangible reasons that solve a business problem in writing or verbally is a very important skill in the industry, and while this may sound easy, it requires multiple skills that are rare to find in one person. Knowing the security implications with regards to the business problem being solved can significantly impact how resilient an architecture design is. Instead of the security stiff-arm that has been prevalent in the past, understanding the problem and what technology best addresses the concern and being able to succinctly communicate that as part of the design process is key,” says Todd Loeppke, Lead CTO Architect for Sungard AS.
- AI and machine learning can help
Behavioral analytics and artificial intelligence (AI) can help businesses do more with constrained resources. “I anticipate more security vendors will integrate AI into their products to improve prevention and detection capabilities, and more companies will look to leverage automated security products to alleviate the lack of human resources, skill levels and time,” Burke says. But too often, enterprises hire IT team members with a more generalized skill set and background, says Greg Cox, CTO Architect for Sungard AS. “Machine learning is a huge growth opportunity, and being skilled in AI will become a requirement for those working in areas of technology that are not purely hardware-focused,” he explains. The IT professionals most prepared for this shift will not only be proficient in AI but mathematics and general computer science work as well, Cox adds. “Improving critical thinking ability and pulling together individual components to create a higher-value offering, IT professionals can separate themselves from the pack and show their worth as a high-performing asset to the organisation.”
- Focus on building team members’ skills
One way to combat the cyber talent shortage is to help your current workforce develop new, or deepen existing, skills. Consider the shortage of skills in SaaS integration, for example. To help close the talent gap in this area, focus on further developing existing employees’ skill sets. “Determine the employees who would be the best fit for the integration platform and then cross-train them to the new technology,” Fielding explains. “While this may initially slow your progress and lead to a few missteps, the payoff will outweigh initial setbacks and ramp-up required when onboarding new employees. You’ll end up with a stronger team that’s excited to learn new skills they can deploy in better serving the business.”
- Keep your finger on the pulse
Stay focused on what’s happening in the IT industry and assess the changes happening that can make your IT environment more resilient and cost-effective, notes Fielding. “IT is constantly changing, so it’s important to bring a positive mindset to the organization that change and evolution are good,” she says.
- Keep exploring new technologies to keep teams engaged
“Team leaders should be forward thinking and consider how to best use new technologies to improve both the end-user experience as well as IT productivity and resiliency,” Fielding says. “This mindset to test new technologies in order to find new efficiencies opens the door to a Proof of Concept (PoC), which can be a way to investigate future technology options. The PoC gives employees both the excitement of being a part of a team testing new technologies and their opportunities, and a vision for how their skill set should progress to fit the new technology and goals.”
- Promote from within
To keep your team members engaged, focus on nurturing talent and promoting from within. “As your team gains these new cyber skills, it’s important to offer them new opportunities, too,” Fielding says. “You need to always be on the lookout for options to offer within your business. You can’t be afraid of people moving on. You never know when you may have an opportunity to work with them again.”
James A. Martin has written about security and other technology topics for CIO, CSO, Computerworld, PC World, and others.