True North Tech Series: Making People Your First Line of Defense

As stories about data breaches at some of the world’s most trusted brands continue to saturate social media and news headlines, information security has bubbled to the top of strategic priority lists in organizations across industries. In our October 2017 survey of more than 600 senior-level business leaders, 58 percent of respondents cited information security as a “very high” priority, with 46 percent reporting they believe it will grow in importance this year.

While security technology and processes continue to mature, the capacity to cultivate and attract security talent lags farther behind.  Frost & Sullivan predicts that the growing gap between available qualified cybersecurity professionals and unfulfilled positions will reach 1.8 million by 2022. This gap inherently makes retaining security talent more challenging. In fact, nearly half of all cybersecurity professionals are solicited to consider other jobs at least once per week.

With many IT organizations continually seeking to reintegrate and align with the strategic priorities of the business, the stakes for effective cybersecurity are even higher. Companies are collaborating with a wider network of partners to offer 24/7 operations and enhanced flexibility to their employees. This enhanced flexibility also expands cybersecurity risk. For example, the swelling universe of Internet of Things (IoT) devices is particularly vulnerable to attack, and most employees run these devices on insecure home networks with inadequate patching to match today’s threat landscape.

While these unique cybersecurity challenges will vary for every organization, people commonly emerge as one of the key obstacles to effective cybersecurity strategy. Our latest research backs up this stance.

How are organizations developing their teams to address these gaps?

The DevOps trend has become mainstream, giving companies the tools to go faster while retaining a rigorous, professionalized approach to IT. In this environment, security can no longer be outsourced to the security team – the security team must now focus on changing the organization’s culture. That means talent that goes beyond technical skills. The security workforce must be familiar with concepts like organizational change management and strategic communications. DevOps is key because it will help security teams change organizational mindsets about how work is done – but only if the right security talent is in place to drive behavior changes.

Creating positive experiences around security thinking and strategies is equally important. By embedding “security-based thinking” into organizational processes, security is more likely to be embraced at the organizational level. A “share the wealth” mindset and sense of collective ownership for the enterprise’s security must be cultivated by a skilled security team.

As we look ahead and examine these security workforce trends and gaps, our research highlights people as a key area of emerging investment for security leaders.

Data breaches continue to damage the reputations of some of the world’s most highly visible brands, and the ability to secure and retain cybersecurity talent – with the skills to succeed in a DevOps environment – will increasingly serve as a core differentiator. By thinking beyond traditional workforce strategies and taking a skills-based, industry-specific approach, your organization will be better positioned to build a foundation for competitive advantage through people as your first line of defense.

Click here to read our full perspective on cybersecurity workforce planning.