Q + A + Q + A + Q + A + Q + A + Q + A + Q + A + Q + A +
NED BALTAGI, MANAGING
DIRECTOR, MIDDLE EAST AND
AFRICA AT SANS INSTITUTE
EDITOR’S QUESTION
We hear a lot about the shortage
of staff in the cybersecurity
industry, but in most countries
the issue is more of a skills shortage than a
headcount shortage. The good news is that
we are beginning to see some organisations
recognising the need to develop less
experienced staff in security skills in order to
help solve the skills gap, both to transition
more general IT staff to security and to
bring in new talent and help them develop
the skills and experience needed to take on
security roles.
/////////////////
As such, we expect to see companies
continuing to invest in both the detailed
technical training required for security
professionals to keep abreast of new
techniques and threats, as well as more entry
level cybersecurity courses.
Another major driver of security spending
in 2020 will be increasing the skills of
cybersecurity staff around cloud services
and supply chain security, since rapid shifts
in globalisation, demographics, work styles
and work sourcing are transforming the
way in which companies manage their
businesses. Indeed, in a recent SANS survey
on workforce transformation, 54% of
respondents identified increased reliance
on cloud-based applications and data as a
leading challenge for them.
Respondents told SANS that they’re
supporting a number of initiatives to
support workforce transformation, including
a transition to cloud-hosted infrastructure
(51%), increased use of collaboration tools
(46%), a shift to software-as-a-service
(32%) and adoption of the remote office
and related capabilities (29%).
These shifts, including the widespread use
of cloud and off-site networks, open up new
vectors of risk and potential threats and
attacks that companies must keep on top of.
Companies are also increasingly beginning
to realise that focusing on supply chain
security and third-party risk is key, as this is
so often the cause of a breach. Ensuring that
security staff are well trained in these areas is
therefore of vital importance going forward.
Along with cloud and supply chain,
encryption and SecureDevOps are also a
focus for many companies, so we expect
to continue to see interest in SANS training
courses that cover these areas increase.
Last but by no means least, we are finally
seeing more companies starting to invest
in security awareness training. In the past,
too often organisations and their security
teams have perceived employees as the
weakest link, without investing in properly
training them to recognise security threats.
Instead companies have traditionally
invested almost entirely in using technology
to secure technology, ignoring the human
side. What little training most organisations
have done has been too technical and
complex. Proper security awareness training
requires simplifying security for people and
reaching out to them on their terms. This is
something that organisations are just now
starting to do.
www.intelligentcio.com
INTELLIGENTCIO
33