Organizations of all types and sizes are facing a critical shortage of cybersecurity talent, struggling to hire and retain the right people to secure their data and their systems. In the United States, it’s estimated that some 500,000 cybersecurity jobs are currently unfilled, and the number is close to 4 million globally, according to a new white paper on strategic outsourcing from Verizon.
Scott Hawk, Managing Director of a global team of Solutions Architects at Verizon, sees first-hand how resource-challenged security organizations are dealing with the talent shortage. Hawk and his team spend a significant amount of time with security teams and business executives to refine their approach and achieve their security objectives, and he sees an increasing number of companies realizing they can’t do everything themselves.
We recently asked him what he and his team are hearing when they meet with customers around the world.
Q. When an organization is under-resourced – meaning not enough staff or without the right skill sets -- how does that negatively impact the company's security posture?
A. Cybersecurity management suffers from many of the same resource constraints as other disciplines. Decisions have to be made about the investments in people, process and tools. It's widely acknowledged that skills in cybersecurity are in high demand and come at a high cost. And we know that the threat landscape is continuously evolving, which makes our traditional approach to tools and processes at risk for becoming irrelevant. Companies need access to modern skills and the latest tools to stay ahead of the bad actors. Whether it is the latest threat intelligence, the newest cloud technology platforms, or the scale to respond to any size breach, companies need a partner who can align with their resource constraints and develop a customized, coordinated approach to their security posture.
Q. From the recent experiences that you and your team have had in the field, what usually prompts a company to realize it needs to consider strategic outsourcing some or all of their security programs?
A. When a security professional is asked, "How secure are we?” and they can't give an answer in under 30 seconds, that's an indicator that they need help building a security posture that passes the sniff test for durability. Asking for a few more million dollars can often be difficult if a company has not yet experienced a serious breach. Scaling a company's security architecture through new usage-based models is an effective way to leverage the scale and scope of a partner without jumping into long-term, high cost commitments.
Q. Why is it so hard for companies to find people with the right security skills?
A. We need to find ways to make cybersecurity a compelling career option that excites and challenges the brightest minds in information technology.
Q. And why is retaining security talent so difficult for so many companies?
A. My team and I know that many people want to connect their work directly with the good it can do for society. Protecting people from harm by ensuring the safety of their health, finances and online activities is seen as an admirable calling for many technologists. Unless your company has a strong focus on education, society, and personal growth, it can be very difficult to get the right talent at the right price. Managed Security Service Providers have an advantage here because of their scope and breadth…the best providers see threats across industries, geographies and technologies, which offers endless challenges for security professionals.