Intelligent CIO Middle East Issue 34 - Page 37

+ EDITOR’S QUESTION ///////////////// MOREY HABER, CTO AT BEYONDTRUST T here is no doubt that there is a cybersecurity workforce shortage. Talented security professionals must be challenged, energised, and ultimately happy or they will leave for their next opportunity and higher wages. Organisations of every size are feeling the pain from hackers, ransomware and illegal crypto-mining. Cybersecurity threats affect everyone, all the time. The problem is complex but the solution is actually really simple. Consider these four recommendations to solve your organisation’s staffing shortages: • Universities – The public and private school systems around the world have recognised this deficiency. Many of them now offer advanced degrees in cybersecurity and train students on ethics, hacking techniques, defensive strategies and risk assessments. For many years, these traits could only be learned on the job or with private cybersecurity training from specialised businesses. These students are sharp and just need to be molded into your corporate image. If the security job is not mission critical from day one, I would certainly give these talented individuals a shot and you may be surprised at how eager they are to learn more • Managed Service Providers – If recruiting talent is just not possible due to your industry, size, location, or other factors, consider outsourcing your security to a partner. Economies of scale allow managed service providers to reuse expensive talent and time to benefit all of their clients. While there is some risk with outsourcing, for many organisations the cost and flexibility make it a worthwhile venture that should not be ignored • Consultants – Some organisations do not require full time cybersecurity help for every discipline. Hiring a consultant for periodic work allows for the best talent to be acquired on a temporary basis to perform key security tasks. Something like log reviews is not a good use of a consultants’ time but PCI DSS assessments or penetration testing fit perfectly well within the consultancy model. There is no need to hire someone full time for these tasks unless your organisations size or regulatory requirements mandate it • Promote from within – Every organisation has talented people. That is what makes a business successful. Information Technology personnel are generally some of the most talented but often get bored with routine tasks. I encourage organisations to promote from within to fill cybersecurity gaps and see if any other departments have trusted personnel that could be trained, challenged, and promoted to step up to the mission. They inherently will have a detailed knowledge of your organisation from their previous employment perspective and when overlaid with security, will provide an invaluable resource in managing your protection “ ORGANISATIONS OF EVERY SIZE ARE FEELING THE PAIN FROM HACKERS, RANSOMWARE AND ILLEGAL CRYPTO-MINING. CYBERSECURITY THREATS AFFECT EVERYONE, ALL THE TIME. The cybersecurity shortage does not need to be a dead end for your organisation. Organisations can find help, talent, and resources to fill the gaps but every business must be aware that all cybersecurity professionals are different. Just like doctors from surgery to radiology, they all have specialties. A security professional that manages firewalls is not the same as a pen tester or ethical hacker. They have unique talents for their disciplines. Therefore, when considering these four recommendations, do not be afraid to be specific about t RFVBRVVBBFPFW6&W2BW'6ƗFW2b7FfbFRW'6ƗGb6V7W&G&fW76&WfWvrrfW2F2fW'FffW&V@FFBb6V7W&G&fW76vpVBB6V7W&G6WF2"W&f&֖pgVW&&ƗG76W76VG2VFW'7FFpW"W7B7&W'6V7W&GVVG2vVP'&rFvv6FV6VRvVPfBFR&vBW'6VऔDTĔtTD43p