It is difficult to understand the world of cybersecurity today without understanding our field’s skills gap. That gap profoundly affects our workplaces every day, and it can cause overwork and burnout among cybersecurity professionals. On the other hand, it also pushes us to be especially innovative, with a major focus on automation and machine learning.
Though it was the last session of the day, it was one of the most lively discussions of the event. Moderated by Jodi Watkins, CCO of GTN, panelists Shalma Naidoo, VP & managing partner, IBM Security, Octavia Howell, BISO, Equifax and Eric Staffin, partner & SVP, CISO IHS Markit discussed the state of cybersecurity today, where it’s headed, and what can be done to improve it. These industry experts raised useful insights on addressing the gap. Alongside their predictions, concerns, and aspirations regarding the field of cybersecurity in general, they shared a variety of best practices to help organizations adjust their approach to cybersecurity in light of the skills gap.
Given how pervasive and constant the skills gap is, the related ideas that came out of Re:con21 summit are relevant for any organization or individual concerned about cybersecurity. With that in mind, I’d like to share those insights. Based on our discussions at Re:con21 , here are nine expert tips for addressing the cybersecurity skills gap:
Don’t Be Afraid To Fail
Cybersecurity is a dynamic field, and we owe much of our predictive and defensive capability to our openness toward innovation. But we also need to realize that we won’t have a 100% success rate. When our employees are too afraid of the consequences they’ll face personally should they make reasonable mistakes, not only will they be less open to the innovative thinking we need, but they will be less likely to stay with our companies (or even to stay in the field of cybersecurity). With that in mind, it’s important to create workplaces in which we encourage the entire cybersecurity team not to be afraid to fail.
Recruit Based On Aptitude And Attitude
When hiring new team members, it can be a challenge to identify the applicants with the greatest potential. All too often, we take the easy way out and evaluate candidates more based on credentials and years of experience than on factors that are more important but harder to quantify. In reality, the most qualified job candidates aren’t always the ones with the most impressive qualifications on paper. Two of the most important (and least tangible) factors to consider when evaluating job applicants are the ability to learn new skills and apply them effectively (aptitude) and the determination to make the most of that ability – including by working cooperatively with others (attitude).
Prioritize Diversity And Inclusion
While professionals across many fields see the importance of creating a varied team of professionals bringing together a wide range of expertise and experience, we in the world of cybersecurity have a unique perspective on the power of diversity. The more variety our workforces can bring together – regarding gender, cultural background, multiple intelligences, neurodiversity, and other factors – the better we are equipped to act against threats and threat actors coming from all over the world. It’s worth keeping that in mind when it comes to hiring.
Build A Community
To reap the full benefits of your cybersecurity team’s diversity, it’s important to have well-defined mechanisms in place to foster communication and collaboration among team members. On the micro-level, that means facilitating the exchange of ideas across your organization’s various teams, roles, and levels. And on the macro level, it means sharing threat intelligence, best practices, and other information across organizations.
Cross-Train Across Departments
Many cybersecurity experts work in companies whose primary focus is outside of the realm of cybersecurity. And even those working for organizations that do specialize primarily in cybersecurity typically work alongside professionals specializing in other fields. But many of these non-cybersecurity professionals work in areas that are closely enough related that they can play a supporting role – in many cases, fields such as law, business, and finance. The key is to provide these professionals with the cybersecurity knowledge they need in order to support your organization’s cybersecurity efforts.
Tap Into The Power Of Automation
There are many reasons automation can enhance cybersecurity and cyber threat intelligence, especially in light of the vast amounts of data to be analyzed rapidly in order to identify and counteract threats. On top of those reasons, the skills gap makes it all the more important to leverage the power of automation. Not only can automation help you reach well-informed conclusions efficiently, but it can help each cyber analyst to ramp up their productivity – reducing the impact of the skills gap throughout this field.
Build Mentor Programs
Another important way to help your employees learn from each other is through mentor programs. To make your mentor program effective, it’s important to provide real structure and to invest in training the mentors. Not only can a successful mentor program help your team members to advance their careers, but it can also foster a sense of camaraderie within your organization. And knowing that there is an established and effective system in place to help cybersecurity professionals to grow and reach their potential can also draw talent to your organization, supporting your recruitment efforts.
Don’t Confuse Mentors With Coaches
While many of us in the field of cybersecurity understand the importance of mentoring, too often we misunderstand what the role of the mentor should be. Unlike the kind of detailed, step-by-step instruction that coaches provide, the role of the mentor should be more focused on providing big-picture professional guidance. Effective mentoring should include encouraging employees, telling them what they are doing well, and telling them what they’re not doing particularly well – all in order to help these team members build successful and rewarding careers.
Take Burnout Seriously
It’s no secret that cybersecurity is a demanding field, which is one of the key reasons we have such a skills gap in the first place. But the challenges cybersecurity professionals face don’t just scare many prospective employees away – they can also push those who are already in this field to look for opportunities outside of cybersecurity. And, of course, those who experience burnout but stay in the field of cybersecurity may see their burnout affect their work. To address the issue of burnout seriously, it is important to encourage our employees to take care of their mental health just as much as their physical health. It’s also a good idea to help your team members maintain some work/life balance by encouraging them to participate in hobbies and team-building activities unrelated to their work.
For more useful insights from our Re:con21 summit, check out the full report: The Future of Cyber Threat Intelligence – Building the CTI System of Tomorrow.