New IT security threats strike every day. Financially, the impact of IT security failures continues to grow. A White House report estimates that cybersecurity attacks cost the U.S. economy over $50 billion per year. To combat these threats, organizations need to have the right talent.
The IT Security Skills Gap Challenge And What It Means For You
Unfortunately, there is a significant shortage of professionals with the right IT security skills today. Security magazine estimates there will be more than three million unfilled security jobs by 2021. Since these jobs require advanced technical skills and relatively few people have such skills, employers are struggling to find the right talent. Further, it is not enough to hire an IT security generalist and hope they can protect your organization. Increasingly, it is necessary to recruit security specialists with expertise in cloud platforms, hardware, training and related specializations. Now, you’re probably asking yourself: does my company have this IT security skills gap?
Unless your company is unusually well prepared, it is likely that you have this IT security skill gap. However, a vague suspicion that you have a problem is not actionable. That’s why you will need a step-by-step process to assess your IT security skills situation and make informed decisions about how to close those gaps.
Step 1: Knowing Your Enemy Is Half The Battle: Assessing Your Skills Gap
Assessing your IT security skills gap requires careful analysis. On the one side, it is vital to understand the current skills of your cybersecurity specialists deeply. However, that analysis does not tell you if you are keeping up with the industry. Therefore, we recommend that you benchmark your team’s IT security skills against industry best practices such as vendor-specific security certifications (e.g., AWS Certified Security if your organization uses Amazon Web Services or AWS) and generalist security credentials (e.g., ISACA’s CISA, CRISC, CISM, CGEIT).
To start your IT security skills self-assessment, consider the following questions:
- What level of support does the organization offer for professional memberships and continuing education?
- What percentage of IT security specialists hold a relevant credential or certification?
- How reliant is the organization on external IT security experts for essential security work
- Does your team have the required expertise to assess and mitigate security risk on newer technologies?
- Does your IT security team have the leadership and communication skills required to ensure that security expectations are followed throughout the organization?
Tip: Some organizations offer free webinars in IT security. Such training opportunities are an excellent way to supplement traditional training programs.
Step 2: Identify Your IT Security Skills Gap Quick Wins
Developing new skills takes time. Fortunately, subject matter experts in cybersecurity tend to be hungry to enhance their expertise. Harness that tendency by identifying a few quick wins to close your IT security gaps. In this context, we are defining a quick win as a skill gap that can be closed in 90 days or less.
Start by asking staff to identify critical systems and infrastructure in your company. Once you have that list, ask them if they would like to sign up for vendor-specific IT security training. If that is not available, contact a professional organization like ISACA like ISACA to request suggestions for best practices.
If your team is generally doing well regarding technical skills, you might have a problem in terms of communication and influence skills. This area is just as crucial as traditional technical skills. If IT security professionals cannot persuade the business to take action on IT security problems promptly and provide adequate funding, the organization will be vulnerable.
Step 3: Support Closing IT Security Skills Gap With Resources
In the prior step, you found the most pressing cybersecurity skills gaps in your team. As a manager, it is now your responsibility to support your team in closing these gaps. Rather than prescribing a solution for your staff, invite them to propose solutions to you. For example, some staff may prefer to earn a certification while other people prefer a different way to learn.
As these development requests come in, assess what type of support you can provide as a manager. First, consider whether you can deliver on-the-job time for training (e.g., advise staff that they can take half a business day each week to study new IT security skills each week). Second, develop a department-wide professional development budget that addresses your needs as an organization as well as individual professional development goals. Fortunately, there are many different ways to obtain high-quality IT security training, many of which do not require time in a classroom.
Tip: So far, we have focused on IT security skills in your IT security department. What about the rest of your employees? They also have IT security training needs. Get started by offering an employee password training session to your workforce.
Step 4: Address The Most Common Roadblocks To Developing IT Security Skill Gaps
Unfortunately, you might face resistance from senior management when you ask for resources to upskill your team. In that situation, you have a few options. First, consider presenting a higher-quality business case that includes industry data on the nature of the IT security skills gaps. Sometimes executives will be moved to act when they realize your company is falling behind the rest of the industry.In the worst-case scenario, you might receive approval for a minimal training budget. In that circumstance, you will need to find training and development during the workday to support your team. Demanding that staff pursue professional development exclusively on their own time may lead to burnout. To make time for ongoing professional development, you need to make room for this critical work in your schedule. By using an IT security chatbot, you can free up a few hours each workweek. With those time savings, your IT security professionals will have less on their plate and have more energy to devote to learning new skills.