By Matthew Burrows , BSMimpact . com
We ' ve talked for years about it not being all about technology . Many seem to have a love / hate relationship when it comes to process - some saying that we don ' t want more process . The merits , opportunities and challenges of cloud , digital , big data , dev / ops , agile , IoT , SIAM , standards , frameworks , and many other topics are all hotly debated . The subjects of people , knowledge , skills and competencies also contain many areas for potential disagreement . The latest versions of most of the international standards that we deal with , including ISO / IEC 20000 ( for Service Management ), ISO / IEC 27001 ( Information Security ), and ISO 9001 ( Quality Management ) have been aligned , and extend their focus on people and their skills / competencies .
Recently I witnessed a disagreement between two experts over whether there is or isn ' t a skills shortage in our industry . The part that interested me was that they were able to have a disagreement because neither of them " knew " the answer . I was able to get them to agree on something , that we need an answer to the following questions :
What skills do we have ? What skills do we need ? The planning of any journey requires confirmation of the destination as well as the starting point , and the answers to these questions are critical to establish the starting point and the destination of the next leg of our skills and competencies journey , both at an individual and an organisational level . However , when I ask professionals at all levels around the world , hardly anyone is confident they can answer either of these questions .
What help is available ? SFIA , the Skills Framework for the Information Age , has become the globally accepted common language for skills in the digital world . It provides descriptions of skills and responsibilities for professionals in and around information and communications technology .
SFIA is used in nearly 200 countries and is growing fast . It enables individuals to easily assess current skills and levels , identify skill goals and plan professional development , and match skills to roles and jobs .
SFIA Version 6 , released in 2015 , contains 97 skills , each described at one or more of 7 levels of responsibility . To aid navigation , SFIA structures the skills into 6 categories , each with a number of sub-categories . It also describes 7 generic levels of responsibility , in terms of Autonomy , Influence , Complexity , and Business Skills .
One of the areas that has grown since the publication of V5 , and is therefore reflected in V6 , is the area of cybersecurity . SFIA V5 contained three core skills for security professionals : Information assurance , Information security and security administration . All of these were updated in V6 , including adding a level 7 description for Information security and level 1 and 2 descriptions for Security administration .
SFIA V5 also contained 10 skills which specifically included the word ‘ security .’ Investigation identified another 22 SFIA skills which were regularly used to describe the roles of security professionals and were needed for security capabilities , but didn ’ t include the word ‘ security ’ anywhere . Apart from demonstrating the limitations of using word search to identify relevant skills — which sadly many users resort to — it highlighted how much coverage SFIA already had for this area . Security references were specifically added to Solution architecture ,
22 itSMFI Forum Focus — September 2016
Systems development management , Programming / software development , and Testing .
Digital forensics ( DGFS ), and Penetration testing ( PENT ) were also added to the skills list in V6 .
SFIA works well with the various cybersecurity frameworks and information security standards . However , it covers a much wider scope , defining skills needed across the complete digital information and communications technology landscape .
With regard to digital forensics , cybersecurity and information security , SFIA is being used to help quantify and close the skill / capability gaps , providing a consistent model for all ( ICT ) professions .
It ’ s not just about determining the headcount gap regarding the number of cybersecurity professionals , but it assists in understanding how organisations can build their own cybersecurity capability .
By understanding the unique skills required , organisations can determine if the gaps are in knowledge , role design and / or professional skills . It helps determine who needs upskilling , which roles may require a redesign , and identifying relevant training , mentoring , knowledge transfer and other development activities .
Of course , security is just one of the many ICT elements covered in SFIA . Organisations and governments around the world use SFIA in a multitude of different ways , from defining role profiles and job descriptions to recruitment and procurement . SFIA is also utilized in talent and skills management to quickly identify an individual ’ s skills , the skills they may be lacking , and recommendations for further education and training .
What to do next In simple terms , use SFIA to do a baseline assessment to confirm what skills your individuals have , and provide a rolled up view of these for the organisation . We can help you to complete this in a matter of only a few weeks , and with relatively modest cost . There are always reasons not to do something , but I ' d argue that none of us can afford not to know the answer to these basic questions , and we should just get on with it .