Image

"It's evident that security teams are evolving and maturing with the rest of the cybersecurity industry, but the pool of skilled staff and training simply aren't keeping up. For example, beyond their technical duties, security practitioners may now be expected to spend more time in boardrooms or in the CFO's office to secure more budget. While the makeup of the cybersecurity workforce may be changing, the fundamentals of protecting an organization have not. It will be critical during this transition to ensure there's a long-term strategy in place around maintaining the foundational security controls like the CIS CSC."Per Tripwire's survey, organizations are indeed diversifying their security staff. Most companies are supplementing their teams by outsourcing for skills (91 percent) and are expecting non-security professionals to become more involved in their digital defense strategies (98 percent). One in five respondents said their organizations have already hired professionals with expertise not related to security over the past few years; about the same proportion of respondents (17 percent) expect to continue that practice through 2019. But hiring is just the beginning. Erlin explains that businesses should then work to optimize these heterogeneous security workforces:
"The skills gap doesn’t have to be an operational gap. Security teams shouldn't overburden themselves by trying to do everything on their own. They can partner with trusted vendors for managed services or subscribe to service plans where outside experts can act as an extension of the team. Organizations should also understand that security is a shared responsibility across different functions, so people from other parts of the business should be involved in the cybersecurity program. And, of course, automation can add value not only in reducing manual work, but also in ensuring that everything is up-to-date and working as it should in real time. Security teams may just need to work more creatively."It appears organizations are in agreement with Erlin. Eighty-eight percent of respondents think managed services would help to address the skills gap problem. Even more than that (96 percent) think automation will help address the digital security skills shortage in the future. What is your organization doing to address the digital security skills gap? Let us know in the comments!
Image
