Security Roundup: Retaining Cybersecurity Workers, Proficio-CyberSight, KnowBe4, F-Secure

With no end in sight to the cybersecurity skills shortage, organizations need to do all they can to make sure their cybersecurity workers aren’t pursuing other opportunities.

According to ESG’s latest research, based on a survey of 620 IT and cybersecurity professional across all industries in North America and Western Europe, more than half (51 percent) of respondents claimed that their organization had a problematic shortage of cybersecurity skills. That’s up from 45 percent in last year’s survey and 25 percent in 2015.

OmniNet’s Andrew Bagrin

Andrew Bagrin, CEO and founder of OmniNet and a member of CompTIA’s IT Security Community, tells us the shortage is “producing insecure networks.”

“You have to first put out the fire in the kitchen and then think about how to prevent kitchen fires in the future,” he said. “It’s been challenging to apply technology to fill the large void, but there are hopes that things like machine learning and artificial intelligence (AI) can reduce the needed humans to make the industry tick.”

More jobs are opening up and fewer people are available to fill them, said Raffi Jamgotchian, Triada Networks‘ president and chief technology officer, and CompTIA community member.

“It is even harder for smaller companies in the channel because we’re competing with top-tier consulting firms, government, military, and the largest firms, especially in financial services,” he said. “One difficulty is that many firms are looking for very specific cybersecurity skill sets which are nascent and there aren’t a lot of candidates doing it.”

In the meantime, a new report by (ISC)², a non-profit organization that specializes in training and certifications for cybersecurity professionals, reveals low numbers of highly engaged workers. Only 15 percent of respondents say they have no plans to switch jobs this year, while 14 percent plan to look for a new job and 70 percent are open to new opportunities.

(ISC)²’s Wesley Simpson

The report is based on a survey of 250 cybersecurity professionals within the United States and Canada.

Wesley Simpson, (ISC)²‘s COO, tells us about 21 percent of cybersecurity professionals are being actively recruited, saying “someone is reaching out to them on a daily basis.”

“So companies are having to create the proper environment that’s going to attract, retain and be able to hire these cyber professionals, he said. “These professionals … have a strong sense of a mission and they want to give back. They want to be able to really protect the organization, and protect their data and their people, and their clients and employees. And they don’t want to be bogged down with a whole lot of the HR and managerial type of duties.”

When asked what’s most important for their personal fulfillment, nearly half said salary is not the top priority, according to (ISC)². Also, more than two-thirds (68 percent) want to work where their “opinions are taken seriously,” 62 percent want to work where they can “protect people and their data, and 59 percent want to work for an employer “that adheres to a strong code of ethics.”

“They want an opportunity to really utilize and show their skills, and that the company has bought into it, that the company has a cybersecurity strategy, and is is investing in their employees and the latest technology, and in training and certification,” Simpson said.

The vast majority (85 percent) of cybersecurity workers would investigate a potential employer’s security capabilities before taking a job, and what they discover would influence their decision, according to the survey. More than half (52 percent) are more likely to take a job with an organization that takes security seriously, and two in five (40 percent) will work for a company that needs security improvements, it said.

“The channel partners, their role is really to be a trusted adviser and to become more important on the security front,” Simpson said. “With SMBs, they need to be able to offer …