ORGANISATIONS OF EVERY SIZE ARE FEELING THE PAIN FROM HACKERS , RANSOMWARE AND ILLEGAL CRYPTO-MINING . CYBERSECURITY THREATS AFFECT EVERYONE , ALL THE TIME .
Q + A + Q + A + Q + A + Q + A + Q + A + Q + A + Q + A +
MOREY HABER , CTO AT BEYONDTRUST
EDITOR ’ S QUESTION
/////////////////
There is no doubt that there is a cybersecurity workforce shortage . Talented security professionals must be challenged , energised , and ultimately happy or they will leave for their next opportunity and higher wages .
Organisations of every size are feeling the pain from hackers , ransomware and illegal crypto-mining . Cybersecurity threats affect everyone , all the time . The problem is complex but the solution is actually really simple . Consider these four recommendations to solve your organisation ’ s staffing shortages :
• Universities – The public and private school systems around the world have recognised this deficiency . Many of them now offer advanced degrees in cybersecurity and train students on ethics , hacking techniques , defensive strategies and risk assessments . For many years , these traits could only be learned on the job or with private cybersecurity training from specialised businesses . These students are sharp and just need to be molded into your corporate image . If the security job is not mission critical from day one , I would certainly give these talented individuals a shot and you may be surprised at how eager they are to learn more
• Managed Service Providers – If recruiting talent is just not possible due to your industry , size , location , or other factors , consider outsourcing your security to a partner . Economies of scale allow managed service providers to reuse expensive talent and time to benefit all of their clients . While there is some risk with outsourcing , for many organisations the cost and flexibility make it a worthwhile venture that should not be ignored
• Consultants – Some organisations do not require full time cybersecurity help for every discipline . Hiring a consultant for periodic work allows for the best talent to be acquired on a temporary basis to perform key security tasks . Something like log reviews is not a good use of a consultants ’ time but PCI DSS assessments or penetration testing fit perfectly well within the consultancy model . There is no need to hire someone full time for these tasks unless your organisations size or regulatory requirements mandate it
• Promote from within – Every organisation has talented people . That is what makes a business successful . Information Technology personnel are
“
ORGANISATIONS OF EVERY SIZE ARE FEELING THE PAIN FROM HACKERS , RANSOMWARE AND ILLEGAL CRYPTO-MINING . CYBERSECURITY THREATS AFFECT EVERYONE , ALL THE TIME .
generally some of the most talented but often get bored with routine tasks . I encourage organisations to promote from within to fill cybersecurity gaps and see if any other departments have trusted personnel that could be trained , challenged , and promoted to step up to the mission . They inherently will have a detailed knowledge of your organisation from their previous employment perspective and when overlaid with security , will provide an invaluable resource in managing your protection
The cybersecurity shortage does not need to be a dead end for your organisation . Organisations can find help , talent , and resources to fill the gaps but every business must be aware that all cybersecurity professionals are different . Just like doctors from surgery to radiology , they all have specialties .
A security professional that manages firewalls is not the same as a pen tester or ethical hacker . They have unique talents for their disciplines . Therefore , when considering these four recommendations , do not be afraid to be specific about the talent you need and the desires and personalities of staff . The personality of a security professional reviewing log files all day is very different than that of a security professional managing end point security solutions or performing vulnerability assessments . Understanding your exact cybersecurity needs will help you narrow down which technique will help you find the right personnel . • www . intelligentcio . com INTELLIGENTCIO
37
+
EDITOR’S QUESTION
/////////////////
MOREY HABER, CTO
AT BEYONDTRUST
T
here is no doubt that there is a cybersecurity workforce
shortage. Talented security professionals must be challenged,
energised, and ultimately happy or they will leave for their
next opportunity and higher wages.
Organisations of every size are feeling the pain from hackers,
ransomware and illegal crypto-mining. Cybersecurity threats affect
everyone, all the time. The problem is complex but the solution is
actually really simple. Consider these four recommendations to solve
your organisation’s staffing shortages:
• Universities – The public and private school systems around the
world have recognised this deficiency. Many of them now offer
advanced degrees in cybersecurity and train students on ethics,
hacking techniques, defensive strategies and risk assessments.
For many years, these traits could only be learned on the job or
with private cybersecurity training from specialised businesses.
These students are sharp and just need to be molded into your
corporate image. If the security job is not mission critical from day
one, I would certainly give these talented individuals a shot and
you may be surprised at how eager they are to learn more
• Managed Service Providers – If recruiting talent is just not
possible due to your industry, size, location,
or other factors, consider outsourcing your
security to a partner. Economies of scale
allow managed service providers to reuse
expensive talent and time to benefit all of
their clients. While there is some risk with
outsourcing, for many organisations the
cost and flexibility make it a worthwhile
venture that should not be ignored
• Consultants – Some organisations do
not require full time cybersecurity help for
every discipline. Hiring a consultant for
periodic work allows for the best talent
to be acquired on a temporary basis to
perform key security tasks. Something
like log reviews is not a good use of a
consultants’ time but PCI DSS assessments
or penetration testing fit perfectly well
within the consultancy model. There is no
need to hire someone full time for these
tasks unless your organisations size or
regulatory requirements mandate it
• Promote from within – Every
organisation has talented people. That
is what makes a business successful.
Information Technology personnel are
generally some of the most talented but often get bored with
routine tasks. I encourage organisations to promote from within
to fill cybersecurity gaps and see if any other departments
have trusted personnel that could be trained, challenged, and
promoted to step up to the mission. They inherently will have
a detailed knowledge of your organisation from their previous
employment perspective and when overlaid with security, will
provide an invaluable resource in managing
your protection
“
ORGANISATIONS
OF EVERY SIZE
ARE FEELING
THE PAIN FROM
HACKERS,
RANSOMWARE
AND ILLEGAL
CRYPTO-MINING.
CYBERSECURITY
THREATS AFFECT
EVERYONE, ALL
THE TIME.
www.intelligentcio.com
The cybersecurity shortage does not need to be
a dead end for your organisation. Organisations
can find help, talent, and resources to fill the
gaps but every business must be aware that all
cybersecurity professionals are different. Just
like doctors from surgery to radiology, they all
have specialties.
A security professional that manages firewalls
is not the same as a pen tester or ethical
hacker. They have unique talents for their
disciplines. Therefore, when considering these
four recommendations, do not be afraid to
be specific about t �RF�V�B��R�VVB�BF�P�FW6�&W2�BW'6��ƗF�W2�b7Ffb�F�RW'6��ƗG��b6V7W&�G�&�fW76�����&Wf�Wv��r��rf��W2��F��2fW'�F�ffW&V�@�F��F�B�b6V7W&�G�&�fW76������v��p�V�B���B6V7W&�G�6��WF���2�"W&f�&֖�p�gV��W&&�ƗG�76W76�V�G2�V�FW'7F�F��p���W"W�7B7�&W'6V7W&�G��VVG2v����V���P��'&�rF�v�v��6�FV6��VRv����V���P�f��BF�R&�v�BW'6���V��औ�DT�ĔtT�D4��3p