Q + A + Q + A + Q + A + Q + A + Q + A + Q + A + Q + A +

EDITOR ’ S QUESTION

Organisations of every size are feeling the pain from hackers , ransomware and illegal crypto-mining . Cybersecurity threats affect everyone , all the time . The problem is complex but the solution is actually really simple . Consider these four recommendations to solve your organisation ’ s staffing shortages :

• Universities – The public and private school systems around the world have recognised this deficiency . Many of them now offer advanced degrees in cybersecurity and train students on ethics , hacking techniques , defensive strategies and risk assessments . For many years , these traits could only be learned on the job or with private cybersecurity training from specialised businesses . These students are sharp and just need to be molded into your corporate image . If the security job is not mission critical from day one , I would certainly give these talented individuals a shot and you may be surprised at how eager they are to learn more

• Managed Service Providers – If recruiting talent is just not possible due to your industry , size , location , or other factors , consider outsourcing your security to a partner . Economies of scale allow managed service providers to reuse expensive talent and time to benefit all of their clients . While there is some risk with outsourcing , for many organisations the cost and flexibility make it a worthwhile venture that should not be ignored

• Consultants – Some organisations do not require full time cybersecurity help for every discipline . Hiring a consultant for periodic work allows for the best talent to be acquired on a temporary basis to perform key security tasks . Something like log reviews is not a good use of a consultants ’ time but PCI DSS assessments or penetration testing fit perfectly well within the consultancy model . There is no need to hire someone full time for these tasks unless your organisations size or regulatory requirements mandate it

• Promote from within – Every organisation has talented people . That is what makes a business successful . Information Technology personnel are

generally some of the most talented but often get bored with routine tasks . I encourage organisations to promote from within to fill cybersecurity gaps and see if any other departments have trusted personnel that could be trained , challenged , and promoted to step up to the mission . They inherently will have a detailed knowledge of your organisation from their previous employment perspective and when overlaid with security , will provide an invaluable resource in managing your protection

The cybersecurity shortage does not need to be a dead end for your organisation . Organisations can find help , talent , and resources to fill the gaps but every business must be aware that all cybersecurity professionals are different . Just like doctors from surgery to radiology , they all have specialties .

A security professional that manages firewalls is not the same as a pen tester or ethical hacker . They have unique talents for their disciplines . Therefore , when considering these four recommendations , do not be afraid to be specific about the talent you need and the desires and personalities of staff . The personality of a security professional reviewing log files all day is very different than that of a security professional managing end point security solutions or performing vulnerability assessments . Understanding your exact cybersecurity needs will help you narrow down which technique will help you find the right personnel . • www . intelligentcio . com INTELLIGENTCIO

37