The shortages in cyber security professionals have been exacerbated because of the COVID-19 pandemic. According to recent research conducted by the NCC group internal skills shortages are the main security challenges for the next six months. This article describes three steps employers can take to deal with this shortage.
The respondents of the research conducted by the NCC group are 290 cyber decision makers. From this group of respondents, 40% said to have frozen their recruitment in cyber in 2020 and 29% reported to have made security personnel redundant. Regrettably, this meant an increase in every type of cyber-attack in the last 12 months in organisations that have made cuts in their security personnel. To grow your cyber workforce again, three strategies are proposed.
Target your recruitment
Recruitment can be a costly and time-consuming effort; it is therefore important to focus on quality rather than quantity. This means you should identify the specific skills that your organisation needs and would benefit from. Based on that you can target your recruitment efficiently. You can start by reviewing your business strategy and creating a security roadmap to determine the skill sets that you will need to execute that strategy. Distinctions can be made between medium and long-term priority areas through benchmarking tools. In case you are not aware of your organisation’s current security recruitments you can consider assessments such as cloud security reviews or red teaming exercises.
Nevertheless, it can still be a challenge to recruit security talent. Partners of HSD use www.securitytalent.nl to connect to this niche group next to their regular channels. Some participate in initiatives such as the International Cyber Security Summer School, work together with education (for instance as a hybrid teacher) or diversify their staff and hire people with unique abilities.
Develop and retain your talent
Half of the respondents of the NCC group’s research admitted to having difficulties recruiting and retaining cyber experts. To find out why employees leave, you can review exit interviews. Often skilled individuals leave because their employers fail to deliver a well-defined career path for them. To support talents, but also employers and HR-staff, this website provides a tool to facilitate shaping an interesting careerpath within (cyber)security. Part of which are different job profiles to define next steps, but also training and learning opportunities within your role. Another thing to consider is an apprenticeship and training scheme given by senior employees to develop the skills that your organisation requires internally, this can open the way for career switchers or side-entry to the field. Simultaneously, it will give your employees a sense of purpose and reduce the likelihood of leaving the organisation. Look at www.cybersecuritywerkt.nl (in Dutch) to learn more about side-entries into the cybersecurity field.
Outsourcing is one of the most effective ways for an organisation to complement and strengthen its internal resources. This is because it offers a quick and cost-efficient method which improves the organisation’s cyber resilience. In comparison to recruitment, outsourcing offers organisations the opportunity to identify their resource requirements without making fixed commitments as well as address short-term security requirements. Some of these requirements can be in the field of cyber threat intelligence and security monitoring & detection. Find service providers on other topics on the recently launched website: https://securityinsight.nl/security-topics/.
To summarize, it is essential to identify the skills your organisation needs, how to attract and retain your talent, and how to outsource effectively. This means you need to be aware of the (cyber) security needs of your organisation, and not to forget the latest cybersecurity developments. There are numerous podcast and webinars, amongst other on https://securityinsight.nl. For instance this podcast on increased fraud, business and cybersecurity risks: https://securityinsight.nl/podcast/increased-fraud-business-and-cybersecurity-risks-in-the-midst-of-a-crisis.
This article has been written by Fee A’mema and Mark Ruijsendaal with funding from the 'Kansen voor West' programme, which aims to give the economy in the 'Randstad' an innovative boost. 'Kansen voor West' is funded by the European Regional Development Fund (ERDF) / REACT EU.