How can you address the shortage of skilled cybersecurity professionals in your organization?
Jon Oltsik posted an article recently on csoonline.com about the shortage of skilled cybersecurity professionals and how this shortage is becoming problematic for more large organizations. Jon’s article cites data from Enterprise Strategy Group’s (ESG) year-end survey of IT Professionals that shows an 11% increase in the number of organizations reporting a problematic shortage of cybersecurity professionals over the last 4 years. Last year’s report showed an astonishing “53% of organizations report a problematic shortage of cybersecurity skills.” Jon’s complete article can be found at the following link. The cybersecurity skills shortage is getting worse.
I’m sure that this information isn’t new if you work as a cybersecurity professional or are in the unenvious position of trying to find skilled professionals to fill open positions in your organization. Seeing the actual data to backup what we all knew does bring to light how critical this situation is to the security of our organizations.
Jon has proposed several insightful ways in which the cybersecurity skills shortage can be fixed but he also points out that this will not be quick, and it will require cooperation with both government agencies and technology vendors. In mean time, as Jon states in his article, “security managers must take the cybersecurity skills shortage into account with every decision they make. “
Another, perhaps overlooked, side of the cybersecurity skills shortage is that the cybersecurity professionals in our organizations are so busy fighting fires or just monitoring the infrastructure that they have no time or energy to look at any new and innovative technology that they can use to reduce their workload. We all know that there are still costs associated with a vendor’s “free POC” but when those short term costs result in significant long term manpower savings for our most critical resource, we need to at least consider this option.
The ZoneRanger in one of those innovative products that has shown many times over a significant savings in cybersecurity manpower while increasing network security and simplifying firewall management. I’m sure that there are others but unless we setting aside some time each week to look at new products and process improvement, we are stuck waiting training initiatives and market conditions increase the availability of cybersecurity professionals.