WELCOME TO EHOST.COM.NP

Thursday, April 19, 2018

Closing the Enterprise Security Skills Gap


The security skills gap has become a topic of acute interest among practitioners responsible for building security teams for their organizations — and keeping them running smoothly. It impacts everything from how they staff, how they cultivate and develop their workforces, and how they train, to the operational controls they put in place, and potentially numerous other things about their security programs.

The term “skills gap,” in a nutshell, refers to specific challenges organizations have confronted over the past few years in finding and retaining competent, trained resources for security efforts. It is a measurable trend across the industry as a whole.

For example, it takes most organizations (54 percent) more than three months to fill open security positions, the recently released 2018 ISACA Global State of Cybersecurity Survey found. That figure is consistent with its prior year’s findings.

In terms of the skills in highest demand, technical skills are the most difficult to find, and the level of position being sought is individual contributor rather than managerial in nature, the ISACA data suggest.

While these data points are interesting in and of themselves — for example as a generic barometer of staffing considerations in security as a whole — they also are important in ways that may not be intuitive. At least, that’s true for savvy practitioners. That is, the report serves as a tool for security managers to benchmark their own staffing performance.

The fact that the skills gap exists and is being measured by numerous parties outside your organization means that the measurements you take about your own team can be compared directly to an objective, organization-agnostic benchmark. How often do opportunities to do that arise?

Say you’re planning your daughter’s birthday party and you’re thinking about serving ice cream. If your daughter doesn’t like vanilla, how much would it influence your decision making about which flavor to buy if I told you that vanilla was the most popular ice cream flavor in the world? Or that it was the most popular flavor in the U.S.? Both of those statements would be true, but would that matter? Not at all, right?

Are You Keeping Track?

The point is that both types of information can be useful. Understanding the broader trend is important because having that can help you plan more effectively. For example, knowing that it might be challenging to staff up certain skills (e.g., technical skills) might cause you to invest in strategies to maintain talent you already have in order to minimize attrition.

Further, that knowledge might prompt you to invest in strategies that let you creatively cultivate new team members in unconventional ways (e.g., through internships, “externships,” or other avenues), or invest in strategies that automate some processes.

There could be multiple viable options, but picking the one that is right for you is dependent on having some clue about what is going on in the first place.

However, understanding the broader trend in the context of how your team specifically performs is exponentially more valuable. Why? Because it lets you evaluate how the strategies you invest in are playing out. For example, if you decide to serve ice cream (vanilla or otherwise) every Friday to help make the workplace more fun, is it a useful talent retention strategy? Who can tell if you’re not measuring the outcome?

Benchmarking your own staffing efforts relative to peers, while valuable, does take a bit of legwork. It means, first of all, that you’re keeping track of performance metrics relative to staffing considerations (“temet nosce” — know yourself).

It likewise means that you’re keeping an eye on data sources available externally — that you have some degree of situational awareness of staffing issues.

Neither of these things is rocket science, but you’d be surprised how frequently security managers (even CISOs and CIOs) don’t track things like turnover, open headcount, time to fill positions, staff training goals/needs, and so forth.

It’s not that they don’t want to — it’s just that doing so is less of an operational priority than more tactical considerations — like dealing with the threat du jour, or deploying operational tools.

Remember the triad of people, process and technology? Each one is an important pillar in organizational performance. An advantage in any one of these areas means an advantage relative to peers overall. Those who can’t find staff, who have sub-par staff, or who otherwise have an ineffective or operationally deficient staffing strategy are at a disadvantage, while those who excel in these areas have an advantage.

Taking It Forward

As a practical measure, what can organizations do to make sure they’re developing their teams in a competitive way? There are a few things that can be helpful:

  1. It is a good idea to keep track of some metrics about staffing — both your organization’s ability to bring in new folks and to retain existing personnel. The few metrics I listed above are a useful starting point, but they are by no means the only possible options.

    You might want to track softer instrumentation, like staff perception about opportunities for advancement, fun in the workplace, and overall job satisfaction. These things can be correlated to harder values like turnover rate in a particular area, or other metrics that are more outcome-focused. The specific choice is up to you, of course, but the fact that you’re tracking something will give you data that can be honed and explored over time.

  2. Trending information can be valuable. In fact, it’s so important in terms of your ability to correlate measures you implement to specific goals and outcomes that it’s often better to have less specificity in terms of what you measure but a higher frequency of doing so.

    For example, if you’re experimenting with a new training regimen, you may find it more useful to assess the perceived value of the training more frequently (which allows you to get more real-time feedback and potentially pivot if you’re not getting what you want) vs. doing a more in-depth exploration of employee perceptions less frequently, perhaps once a year.

  3. It’s useful to solicit partners. HR organizations often do an employee satisfaction survey or engagement survey, for example, or use another measuring instrument (or combination of them) to benchmark employee perceptions of the organization at large.

    Leveraging this data where it already exists can provide useful data points that can help security leaders build the best teams and — maybe even more importantly — retain the resources that have proven so difficult to replace.


Ed Moyle is general manager and chief content officer at Prelude Institute. He has been an ECT News Network columnist since 2007. His extensive background in computer security includes experience in forensics, application penetration testing, information security audit and secure solutions development. Ed is co-author of Cryptographic Libraries for Developers and a frequent contributor to the information security industry as author, public speaker and analyst.
