Share this article on:
Angeline Maronese from Rackspace Technology explains how stakeholders can fill the gaping cyber security skills shortage.
The recent growth in data volumes, digital operations and remote work, along with a technical talent crunch, have made our local security environment all the more challenging. While the security environment has always been complex, the impact of a technical skills shortage will be felt for years to come as IT leaders struggle to effectively match their cyber security response to evolving data, malware phishing, supply chain, ransomware, cloud, IoT and application attacks.
Talent shortages will increasingly make it hard to maintain a cutting-edge security and technology posture. It is one of the most significant barriers to adopting emerging technologies across six domains: compute infrastructure and platform services, network, security, digital workplace, IT automation and storage and database.
In other words, new technologies that accelerate growth. But more than three million jobs will go unfilled this year, presenting a huge challenge to businesses migrating to the cloud and driving digital transformation. In fact, the Tech Council of Australia also recently pointed out that in order for the country to employ one million people in the tech sector by 2025, we need an additional 286,000 workers to join the sector.
As we slowly emerge out of pandemic related-lockdowns and restrictions, there’s one thing we can all agree on – where do we go from here to attract and retain talent, and bridge the skills gap?
Get creative
There’s no "perfect" cyber security hire. When recruiting for technical talent, businesses should prize a strong base of technical fundamentals, backed by realistic expectations of practical experience.
Thinking outside the box is always a great tactic. Whether looking at internal resources or new hires, consider talent across the industry. Look for someone who is technically savvy but not necessarily a "hardcore techie" to navigate the industry’s high competition and inspire new career paths that talent may have never considered. Diversity brings in new perspectives, creating agility and resourcefulness.
Furthermore, be honest about your talent need and experience, creating false standards or promoting competitive compensation. Your HR leaders not understanding the requirements of technical capability, will hamper recruitment efforts before these even start.
Empower talent
Make time to invest in each employee and to not overlook the key driver of providing value. With technical skills in high demand, salaries and remote work options must form part of the conversation in keeping existing talent, along with ensuring staff remain challenged and excited about the work they’re doing. It is just as important that the business prioritises hands-on experience with training and mentorship to support growth.
However, growth doesn’t always need to be skill-based – it can be facilitated by identifying what parts of your security program other people can own. With security talent tending to be mission-focused, identifying those aligned with company values and vision can empower entry-level to senior level talent feel like they’re making an impact.
In this way, allowing a variety of perspectives to sense-check existing cyber security plans can drive innovation based on real-world experience to prioritise the right investments. The important thing is to allow it to happen, rather than suppressing new ideas, because you’ve always done something a certain way.
Leverage automation
Automation is a valuable tool in retaining talent. It automates the noise of mundane tasks, allowing teams to direct creativity towards more impactful ideas. This can already be seen in detection and response solutions, with technology shortening the time it takes to action responses.
Nevertheless, automation can also run the risk of sending a message that people will and can be replaced – a notion that is simply untrue. Security requires a human element to focus on higher orders of thinking such as playbook responses, threat intelligence and bringing new security technologies to market. So, the important part is how we bring automation to life. For example, by automating incident triage and evidence gathering, teams can focus on the things they’re interested in, rather than trawling through log files that a computer could do instead.
Delegate duties
Finally, be more strategic in terms of investments. Make an honest assessment of where gaps lie and the resources you will have to address ever-scaling challenges. This way, you can identify the areas to invest and grow your own talent, and the alternative skill sets that could apply themselves well to security operations.
Now more than ever, organisations need to explore cutting-edge security safeguards that align with agile, cloud-first operating models. Look at what’s core to your business such as the architecture of your security program, which you could choose to keep in-house, then outsource the tasks that are easier and more affordable to do so. Through cloud technologies, organisations can solve business problems by tapping into a pod of experts to work as an extension of the internal team, and ultimately address complex and evolving security and compliance challenges while closing the gap.
One of core drivers of our technical skills gap, is how new technology has accelerated faster than we can train our people to secure these. As we move through a COVID-influenced economy and look to business continuity, organisations will need to evaluate what today’s new risk profile means for investment decisions in the year ahead. Being realistic particularly in today’s environment of talent, resource crunches and skills sets will be key to business continuity.
Angeline Maronese is the managing director for Australia and New Zealand at Rackspace Technology.