If you do a quick Google search for ‘Cyber Security Skills Gap’, you’ll see countless articles on the gap and the enormous need for skilled workers in Cyber Security.
The cyber threat landscape is continuously broadening. While the security tools arsenal is adapting to meet the threats, the people to build, adjust and maintain them aren’t exactly a dime a dozen.
Often there seems to be a bit of a disconnect between what an organization wants and what they need. Many want educational requirements like a Bachelors degree or Masters in Cyber Security for their teams; however, these academic achievements are difficult to find due to the relative newness of the field and academia’s “big wheels turn slowly” bureaucracy. If you find one, undoubtedly they’re committed to the field, but they can be extremely difficult to find. We suggest that what many organizations need is the right person with the proper training and a desire to keep learning.
So who’s the right person? People with the ability connect technology and your business, but also the ability to connect with the people within the organization – suddenly soft skills are the hard skills. We offer that the character of an employee in Cyber Security requires someone who is curious, good at figuring out the problems, and can conduct the detailed analysis that it entails. People who don’t give up until the puzzle is solved. You want people who even question the puzzle itself and can carry concurrent lines of thought. Are the people in your organization already that show incredible aptitude for learning new things quickly? Do they know your business and the business of the clients they’re tasked to?
You may have found your candidate.
Training is the next piece of the puzzle.
When we’re looking for those afore mentioned degrees we want, we may actually need the proficiency gathered in a candidate’s training, often buried in the educational section of their resume. Many of the requirements we seek are gathered through IT specific security training, such as (shameless plug #1) a SANS certified mentor class being offered here at rSolutions: Hacker Tools, Techniques, Exploits and Incident Handling on March 21 through April 11, 2017. Courses like these take people with working knowledge of your systems and business, and transform them into the knowledgeable Cyber Security resources required. Other training is available too through many other organizations and it’s important to note we feel continual training isn’t just a good idea, it’s fundamental. Here at rSolutions we train at a ratio of 3:1 meaning our peeps are training one hour for every three they work.
This keeps rSolutions not only current, but ahead, which is where you need to be. If you want some quick suggestions, here’s our top four training choices, and yes, rSolutions have all these and far more:
- CompTIA Security+
- GSEC: SANS GIAC Security Essentials
- CISSP: Certified Information Systems Security Professional
- CISM: Certified Information Security Manager
In your neck of the woods there may simply be few options for good hires. Your existing staff resources may be too valuable to their current teams to train elsewhere (replacing one problem with another isn’t a good idea). The training required for the resource may be out-of-reach due to time or budget restraints. Lastly, once trained, you’ve created a highly sought after resource and you might want to broker a non-compete clause. We’ve all heard about the “million unfilled InfoSec jobs”, that’s why you read the article this far, and the other side of that is retention of highly skilled resources. So why buy, when you can lease?
At rSolutions (shameless plug #2), we started our business on Cyber Security and have advanced resources that teach the classes and proctor the exams for InfoSec designations. We provide Managed Cyber Security services that have the clearances, industry referrals across every major vertical in business and the business-first focus that can help improve your security posture in the short-term and will even work with you to prepare for the long-term.
So why is outsourcing such a good idea?
Cyber Security is advancing so quickly that it’s a challenge to get a handle on the breadth of the threat landscape, the evolution of threats within that landscape and the proper tools to mitigate them. Outsourcing to a managed security model shifts some of the responsibility for your information security and puts it in the hands of qualified experts, allowing you the time to focus on the business and the day-to-day operational demands of supporting your information infrastructure.