Cybersecurity Staffing: Finding the Right People to Protect Your Company

The Cybersecurity Challenge: It’s Not the Protection. It’s the Implementation.

Find the talent, not the protection. Whatever works today could very well be defeated tomorrow.

Cybercrime costs companies about $3 trillion globally in 2015. Those losses will double to $6 trillion by 2021. The $80 billion Gartner reports we spent in 2016 pales in comparison to the $1 trillion that companies around the world will spend on cybersecurity products and services.

It won’t be enough. By 2020, between 50 to 200 billion IoT devices will be connected to the Internet. They’ll need to be secured. Meanwhile, Forbes reports that 1 million cybersecurity jobs went unfilled last year. Even as the rush to fill these lucrative jobs creates a swelling of new candidates for the positions, new openings will outpace it. There’ll be more than 1.5 million unfilled cybersecurity job openings by 2019.

It’s not your job

Enterprise C-suites and small business owners alike have realized that cybersecurity is not something they can accomplish. They know their job is to fund and facilitate cybersecurity. To do that, they must focus on strategy and implementation. State-of-the-art protective solutions today will quickly be defeated. In the true sense of the word, there can be but a single priority.

Find the talent.

Easier said than done, considering the statistics you just read. Indeed, a recent international survey by Intel determined that 82% of IT professionals believe there’s a shortage of cybersecurity talent in their own organizations.

This causes a dangerous ripple effect. Mistakes happen when your cybersecurity staff—assuming you have one—is overstretched. Stress and employee burnout increases. And this is one department that doesn’t need to see a jump in attrition rates.

A crisis feeding upon itself

This is especially concerning to companies of any size because, as McAfee reports, more than half of all companies surveyed agreed that compared to the general IT workforce, the shortage in cybersecurity is acute. This is mainly because there aren’t enough people with the skills to keep organizations secure.

As this need grows and the available talent pool shrinks, it’s pushing cybersecurity salaries to even higher and more lucrative levels. Forbes reported at the end of 2016 that information security positions as recorded by the Bureau of Labor Statistics paid between $50,300 to $140,460 annually. The tech job board DICE reports that top management level cybersecurity positions offer salaries in excess of $230,000 a year.

This, in turn, is making talent acquisition even more expensive. It is becoming prohibitive for some organizations.

Do something, now

QA, a leading IT training company in the UK, recently surveyed 300 IT professionals across all industries. Nearly 60% admitted they do not have a sufficient balance of skills to protect their respective companies from cyberattacks. Even with this acknowledgement, just 22% said they have created plans to rectify the deficiency.

The situation is sufficiently alarming, but it can be made even worse when company leaders divert too much of their focus to finding a solution. Reactionary efforts take their eye off core competencies. There’s a better approach.

Hiring the right people will create the necessary protection, and that brings us back to the concept of core competencies. Does yours include recruitment?

You’ve already got the best solution in place if you use a recruitment organization for technology talent acquisition. Now it’s time to deepen that relationship—especially if you still treat your recruiter more like a vendor than a partner.

They may have already been politely doing a Chicken Little dance on your desk as they’ve tried to alert you to the responsibility you should share in finding and attracting the cybersecurity experts you’ll bring aboard to protect your company. Stay the course. Remain focused on your core competencies. Rely upon your recruitment partner to show you the true extent of their own core competencies.

Neither of you are looking for cybersecurity protection. You’re partnering to find the people who will implement it. This protection is so crucial, yet so mercurial, that whatever works today could very well be defeated tomorrow.

Which is why who and not what should be your only focus.

  • Share