If you keep up with cybersecurity industry news at all, you know that a talent shortage is one of the most significant challenges we face.
Yet many businesses fall short when it comes to building and maintaining their cybersecurity workforce. In my time as CIO and VP of Operations at McAfee, I’ve learned that your best cybersecurity recruits are already working at your company. Read on for 4 reasons why educating your team is not only an excellent investment, but a priority for developing a cybersecurity team that can deal with advanced threats.
- Cybersecurity needs broader awareness throughout IT
We need to establish programs to drive participation and engagement—and even enthusiasm— for cybersecurity. One way to do this is to invest in security education with specific role-based training in areas such as Application Security. With trained employees the number of vulnerabilities in code drops significantly, as does the time it takes to turn around changes in production applications. Additionally, broader cybersecurity awareness across IT leads to improved compliance and controls, in areas such as access control, vulnerability management, and change control.
- Employee training and development is key to retention
In a recent study on the global security workforce, almost half of the survey respondents cited lack of training as one of the reasons their cybersecurity staff left the company. Not only do people want to learn and grow in their jobs and career, but they know they need to keep their cybersecurity skills and knowledge current to perform well. Training and development are among the clearest alignment points for cybersecurity businesses and employees. Finally, when they participate in conferences and seminars, security professionals can broaden their networks, providing your team with opportunities for knowledge exchange, threat intelligence sharing, and exposure to best practices.
- Your best cybersecurity recruits are probably already part of your team
The talented technology and business professionals that know your people, systems, and business processes can cross over to the security team with the help of some hands-on training and IT security courses. Given the scarcity of skilled security workers, we need to open up security roles to anyone who has the aptitude and interest. Consider broadening access to boot camps and host hack-a-thon activities to find new recruits within.Hacking elements are part of popular shows, such as Mr. Robot, and games, such as Watch Dogs, Deus Ex, Bioshock, and Fallout, exposing people without formal security training to cybersecurity concepts. Though many organizations look for a relevant technical degree as the minimum qualifications for a job in cybersecurity, interest and hands-on experience are at least as effective in building skills.
- Keep other options at the ready
Increasing your investment in security awareness, training, and development will help raise your security posture and increase employee retention. However, it ultimately may not be enough to address all of your security needs. Managed security services providers are an additional resource used by many organizations for additional help with 24/7 coverage of security operations monitoring, specialized skills for forensic analysis, or surge staffing during critical periods.
Patty Hatter is vice president and general manager of the Intel Security Group Professional Services organization at Intel Corporation. She recently transitioned from the role of Intel Security CIO, and prior to that was the vice president of Operations and CIO at McAfee. She has overall responsibility for leading the professional services organization and expanding Intel Security’s consulting, managed services, deployment, and training services.