IT Focus Area: managed services
September 7, 2016
The Biggest Mistake IT Leaders Make with Their Security Talent Strategy
Every year, security breaches become more costly.
Cyber crimes are projected to cost businesses $2.1 trillion globally by 2019 —almost four times their 2015 costs.
And as criminals become more sophisticated, it’s becoming harder for enterprises to ward off attacks.
One reason why enterprises fail to protect themselves is because they can’t find and retain skilled IT security professionals. The shortage of security talent affects almost every enterprise, as 83 percent of organizations find it either somewhat or extremely hard to hire information security professionals.
Meanwhile, Cisco estimates that there are more than one million unfilled security jobs worldwide.
Why It’s Hard to Keep Skilled Security Talent
The lack of information security talent is part of a larger IT skills gap shortage —impacting everything from data center management to big data.
Enterprises go to great lengths to recruit IT talent. But when they find the right people, they make the huge mistake of failing to keep them engaged. For example, skilled security pros may spend too much time on mundane tasks or may not have challenging projects to work on.
Here are some tips on how to find and retain IT security pros.
5 Ways to Find and Retain IT Security Talent
To engage security talent, you need a great IT culture. Here are five keys to finding IT security pros and keeping them once you have them:
- Get senior leadership involved with IT security. Cyber security isn’t just an IT problem —it impacts the entire organization. That’s why it’s critical to have IT security conversations in the boardroom. Senior leadership needs an accurate picture of the organization’s risks, and security professionals must find a way to give it to them in a language that they understand.
- Develop an IT security strategy. It’s not a matter of “if” a security breach will happen but “when” it will happen. Although cybersecurity attacks are inevitable, a Ponemon Institute survey found that 75 percent of U.S. organizations are not prepared to respond. Creating or updating your IT security strategy is vital to preventing breaches or swiftly responding to them.
- Create a dedicated enterprise security team. Show employees (and hackers) that you take IT security seriously by investing in a dedicated enterprise security team. When your security pros don’t need to split their time between different areas, they will have a sense of focus and independence.
- Give your security team networking opportunities. IT security professionals want to network with their peers — both inside and outside your organization. Give them opportunities to attend conferences, participate in online communities, and learn best practices from their peers. This will only make your security stronger.
- Promote your top security talent. The way to engage top security pros is by giving them more strategic projects that put their skills to better use. When they tackle more challenging work, they will provide your enterprise with more value and better protect you from threats.
Once you move your top security talent into new roles, you’ll need to backfill their old positions. After all, the mundane work still needs to get done.
However, this will put you in the same position again. The employees brought in to backfill the mundane work will get bored and eventually move on to something else.
How to Stop the Revolving Door of IT Talent
One way to stabilize your IT team, boost your security, and ensure that your tasks get done is by partnering with a managed security services provider (MSSP).
An MSSP can handle all of the day-to-day work that is critical for your security but not the best use of your employees’ time. For example, they can manage your:
Core infrastructure security
Threat and vulnerability management
While MSSPs can handle your day-to-day IT security tasks, most can’t help you develop and maintain a security strategy.
It’s best to build your security foundation before you partner with an MSSP. Once your plan is in place, you can direct an MSSP on how to manage your infrastructure and data.
If you don’t have a security strategy, you may want to partner with a consulting or professional services firm to lay your foundation.
Are You Prepared for a Breach?
Finding and retaining high-quality security talent will be a huge challenge for enterprises, especially as threats become more sophisticated and persistent.
Retaining great security talent requires a significant investment in training and education, along with the ability to promote top talent from contributors to leaders. Cultivating great security leadership isn’t easy but will be one of the best investments you will ever make in retaining great talent.