Sponsored By

Feeling the Security Skills Shortage Pinch? Look Beyond CredentialsFeeling the Security Skills Shortage Pinch? Look Beyond Credentials

Can't hire a CISSP with 10 years of vertical-specific experience on your budget? Here's a better plan.

June 1, 2018

4 Min Read
Skills shortage

GreyCampus' Jane Thomson

Jane Thomson

By Jane Thomson, Content Marketing Manager, GreyCampus

From GDPR to the latest mega-breach, current events are driving home to organizations across the spectrum the need for robust, proactive security. Too bad that there aren’t enough information security professionals to meet all that demand. You’ve no doubt seen the numbers: ISSA/ESG’s latest survey on the topic shows 70 percent of respondents believe that the cybersecurity skills shortage has had an impact on their organizations. That’s up from 23 percent in 2014.

Organizations like the one I work with are moving as fast as possible to educate the next cohort of security pros. But until then, here’s a hint: Don’t just throw out more of the same old job postings asking for “X” years of experience and “Y” certifications; instead, seek out versatile technology professionals who are aware of the security situation, are eager to learn new technologies and have the soft skills to work in geographically diverse teams with colleagues of varied knowledge bases and technical expertise.

In my experience, partners are much better off finding someone with these five traits and investing in giving that person the security-specific education that’s most relevant for your customers.

  • Vertical-specific and technical know-how: If your business is providing communications services to health-care firms, look for people who understand how to assess a UCaaS product in light of HIPAA requirements, or know the rules around how a nurse may email patient data. If you serve hospitality, insights into PoS systems and Wi-Fi provisioning are invaluable. People who understand how to build backup systems to protect Office 365 are natural ransomware-busters. Individuals who hold relevant experience in a vertical field along with a grounding in technology can be taught how to spot malicious attacks — and even better, might have insights on how to better build systems to avoid opening holes attackers can exploit.

  • Problem-solving skills: When it comes to connecting the dots between existing technical competence and newly learned security skills, creative and resourceful people, aka problem solvers and good collaborators, have an edge. These are select applicants who are analytical and can make connections others may not. Knowledge about security procedures is good; the insight to proactively avert threats and recover fast is better.

  • A keen eye for detail: Natural infosec professionals have an investigative and inquiring nature. Employers need to understand that the cybersecurity process is not just about a policy-based approach toward prevention of cyberattacks; there is more to it. Think of the detail-orientation and technical know-how to do a thorough investigation, combined with education in best practices in responding to attacks. Someone who is naturally curious has the potential to grow into an infosec pro who can use forensic data to track and contain attackers.

  • Trustworthy, sensible and ethical: An employee charged with securing systems obviously requires a high level of privileged access, yet malicious insiders are a huge threat to companies. In the case of partners, security pros on your staff might have access to not only your own systems but those of dozens or hundreds of customers. Yes, there are tools to monitor people with privileged access, and we recommend them. But you need to …

  • … trust your nascent infosec professionals with all those corporate assets. You also need them to have the good judgment to understand risk-based security programs and behave sensibly and ethically while responding to customer issues. This is one reason so many partners like to hire veterans, who often were issued clearances while on active duty.

  • Good communication skills: It is of utmost importance that an infosec pro be able to communicate effectively with all levels of employees, both in a technical and nontechnical manner. Educating end users is vitally important to good security, not to mention a valuable added service, as is “selling” the need for security investment to executives. Can this person explain why a given practice, while possibly good for productivity, is bad for data security without lapsing into jargon or coming across as looking down on the employee?

Once you find someone with these qualifications, consider investing in training. One certification in popular demand is the CISSP, which stands for Certified Information Systems Security Professional. This certification is an ideal credential for those with the skills listed above.

Jane Thomson is a content marketing manager at GreyCampus ,with five years of rich experience developing content for professional certification courses like PMP- Project Management Professional, PMI-ACP, Prince2, ITIL (Information Technology Infrastructure Library), big data, cloud, digital marketing and Six Sigma.

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like