Industry opinion
Diversity and security - how to develop your team more effectively
Tia Hopkins, Field CTO at eSentire, explains how companies can expand their approach to recruiting and find talented people beyond the CV.
Recruiting for IT roles is tough. Recruiting for IT security roles is even tougher. ISACA found that 20 percent of companies took six months to fill their open roles with qualified candidates, and that 62 percent had teams that were understaffed. Similarly, ISC2 announced that the cybersecurity skills gap currently stands at 2.7 million roles that are not filled worldwide.

In theory, the data presented by ISACA and ISC2 implies that there are lots of opportunities for those with the right skills. The reality, however, is that ‘the right skills’ means different things to different people. We have to ask ourselves the following questions: Are we doing our teams and organisations a disservice by looking to fill these roles in the wrong way, potentially ignoring the wealth of talent that exists? And, can looking at diversity and inclusion initiatives help to fill those gaps more effectively?

In order to solve this talent problem, we have to first look at what the issues affecting organisations are. In working with companies and partners for the past few years, the biggest pain point that security leaders mention is the lack of entry-level talent. The primary concern is that there are not enough people entering the market that can fill entry-level or junior security roles.

This has become such an issue that it is now leading to more problems recruiting mid-tier analysts and those with experience into roles. Because the pipeline has been so poor, the number of people being promoted into mid- and senior-level positions has slowed down. Couple this with more competition for people with those more advanced skills, and an increased willingness to let people work remotely, and there is a huge fight going on for highly qualified professionals.

However, this is not the full picture. There is a war for existing talent that already fits roles and that has gained experience. And while there are concerns around finding people for entry-level positions, the reality is that the qualifications listed for those roles require more direct experience – even at the entry level. This can cause candidates with the right set of skills and aptitude to self-select out of applying for these roles, which drastically reduces the talent pool.

In the Decrypting Diversity report, the UK’s National Cyber Security Centre and KPMG found that the percentage of women in the survey was over a third - 36 percent - and those from LGBTQ backgrounds was around ten percent. These are positive indicators for diversity in the overall IT security sector. However, the percentage of young people in the security sector was significantly low - only one in twenty of those surveyed were between 18 and 24.

Evaluating recruiting approaches and processes is a starting point to solving this problem around talent. Rather than exclusively evaluating candidates based on rigid job specifications and technical skills, we should also consider effective methods for assessing things like aptitude and commitment. This not only highlights candidates that are more willing to work and be successful in their long-term careers, but also helps spot those who come from groups that tend to be less represented.

This involves looking beyond the CV. It means putting more work into attending and supporting events aimed at diversity in security, and it means looking beyond the IT security talent pool for those that are willing to learn and develop the necessary skills. Looking out for those with general IT network and systems administration skills can help, and partnering with universities that offer industry placements can also be effective.

Another contributing factor to the growing skills gap is the sometimes negative perception associated with training and educating employees. Some security companies believe that any investment in training ultimately benefits other companies that then try to poach staff. While this is certainly a risk, there is also a great deal of risk in leading a security team that is not properly trained, or limiting employee growth based on fear of them leaving the organisation.

In fact, training and education can be leveraged as a retention tool and positioned to employees as part of a growth plan, which should ultimately encourage them to stay. Security leaders should shift to an enablement mindset and seek to continuously train and develop their security teams over time. As Sir Richard Branson commented: “Train people well enough so they can leave, treat them well enough so they don’t want to.”

Security today is essential to how companies run their operations. The cost of attacks like ransomware continues to rise, and no company can afford to have security program gaps that go unaddressed – whether related to people, process, or technology. This includes talent management and can start with encouraging more job seekers to submit themselves for roles, even if they don’t think they meet all of the requirements listed in a job description.

14 | September 2022
www.pcr-online.biz