Save time with unbiased, independent feedback on vendor solutions.
Watch weekly bite-sized webinars hosted by IANS Faculty.
Cybersecurity threats and breaches have increased in number over the last decade, and a consequence of that is a heavy demand for cybersecurity professionals. However, this demand has not been met by a corresponding supply. In fact, labor market research
from Emsi indicates:
Because of this supply/demand gap, some sectors, like fintechs and healthcare, tend to get very competitive, which compounds the severity of this issue for smaller organizations and other sectors because of their limited resources. In addition, work-from-home,
online schooling and a shift to online shopping as a result of the COVID-19 pandemic have driven the demand for cybersecurity professionals even further.
However, as new talent in cybersecurity continues to enter the marketplace, organizations can deploy several creative strategies to meet the needs of the enterprise and acquire and retain top cybersecurity talent.
READ: How to Structure the Information Security Function
A strong cybersecurity program requires appropriate funding, not just for the tools but also for the talent. We recommend CISOs include a big picture view of the enterprise talent situation in metric-driven briefings to the board of directors that
This visibility provides a level of commitment to the security program from a staffing perspective, particularly from the finance arm of the enterprise. A board sign-off or approval also helps with the almost inevitable downstream staffing or budgeting
An un-empowered security organization will struggle with cybersecurity talent attraction and retention. To raise the stature of the infosec program and help team members feel that they are making a difference consider the following:
READ: Secure Coding Basics for Software Developers
Cybersecurity’s staffing challenges require innovative talent acquisition strategies. To ensure your talent pool is large enough to surface the right people, consider:
READ: The BISO Role: Where Business Meets Security
Talent related to cloud, SaaS, DevOps and SOAR is an extremely hard-to-fill niche of cybersecurity. Many enterprises are rapidly onboarding these innovations, which creates the interesting challenge of how to staff up for their security-related aspects.
Skipping the obvious suggestion of paying top dollar, organizations should consider instead focusing on interesting approaches, such as:
READ: Guidance to Overcome the Cybersecurity Talent Shortage
A well-designed information security program and strategy inspires and deeply motivates those who want to do great work and make a profound difference to the fortunes of the company. Examine your strategy with a fine-tooth comb, ensure it aligns with
the needs of the enterprise and push the limits in a way that keeps your top talent engaged, challenged and energized.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
February 21, 2024
By IANS Research
Learn why cloud IR is critical to security and not just another box to check. Find guidance to get started building a strong cloud IR program.
February 15, 2024
By Alex Sharpe, IANS Faculty
IANS Faculty member Alex Sharpe discusses the risks around AI adoption and provides governance guidance to make your AI launch safe and mitigate risk.
February 13, 2024
By IANS Faculty
Learn how to how to use NIST to modify secure baseline configurations to account for risk and improve security posture.