Data Security

Managing the Infosec Skills Gap

Written by: Purandar Das 5 min read

Cybersecurity needs have shifted into high gear over the last few years. The pandemic has moved operations off-site and into the cloud breaking traditional security perimeters. These devices and operations are not exempt from meeting security and compliance requirements. Information security professionals have had to step up to the challenge to secure these assets in this new way of doing business.

Unfortunately, there is a shortage of skilled cybersecurity professionals to do the job. Almost two-thirds of security professionals have felt that the pandemic has made their jobs more difficult. These overloaded can get burned out and are more likely to quit leaving organizations vulnerable to cyber attacks.

This article will explore how organizations can optimize their operations to decrease the stress and workload for existing staff and find alternative ways to survive the infosec labor shortage while still maintaining a secure infrastructure.

 

Starting Where We Are

Organizations are currently at a significant disadvantage with cybersecurity. The needs are only increasing without a similar rise in the ability to hire. This creates an uncomfortable supply and demand situation for organizations that still need to deliver the same level of security for their data without the additional support to do it.

Too Much to Do With Too Little

Businesses often find their staff spread thin with the increased demand to meet security needs. In situations like this, organizations have to actively work to prevent employee burnout. This is especially challenging for organizations struggling to keep up with security and privacy demands. The public has increased interest in ensuring that their data is protected and not sold to the highest bidder. This will likely lead to additional GDPR modeled data privacy regulations over the next four years.

Additional regulations will only increase the demand for cybersecurity and privacy professionals in the coming years. This does not even account for the increased demand to combat existing security threats. Ransomware is up 151% from 2020 and is not expected to decrease anytime soon. Cybersecurity professionals are needed to protect businesses from this growing threat.

Hard to Hire

Unfortunately, simply adding more staff is not the solution. Organizations are facing staff shortages across many industries. Employees are leaving their current positions in droves due to a phenomenon known as “the great resignation.” They seek careers that offer them more money, flexibility, and happiness. This is especially an issue for your cybersecurity staff, who may feel overworked or burned out.

With increased compliance mandates for privacy and security, along with cyber-attacks being up 29% and malware attacks being up 93% in 2021, the need for information security professionals is growing. But hiring is still not easy. According to NIST, there is currently a shortage of 2.7 million skilled cybersecurity professionals; over 465,000 open cybersecurity positions are open in the US alone. With this much competition for skilled labor, it is quite challenging to refresh the ranks.

 

Managing the Shortage

Managing the shortage requires thinking outside the box to find ways to get the job done. The need for security will not diminish, so finding ways for departments to deliver is the only way to keep up with the demand. These solutions might include simplifying and streamlining operations to locating alternative temporary work sources.

Simplifying Solutions

One of the best ways to deal with the skills shortage is to optimize your technical stack to ease the management burden on existing staff and ease onboarding when new staff is hired. This requires implementing consolidated solutions that meet multiple security needs rather than relying on multiple point solutions that require time and management overhead.

By using consolidated solutions to reduce overly complex architecture, organizations save time and money. These solutions often employ centralized management to oversee their operations and provide monitoring through a single-pane-of-glass interface. This reduces employees’ time in management and monitoring and offers more precise metrics and analytics by unifying data streams that would otherwise reside in disparate systems.

Outsource to Fill Gaps

Even after simplifying your architecture, your organization may still be left with a skills shortage. When you can’t find the talent you need through hiring, sometimes using a contracted solution may be a better temporary fit. This can come either through hiring temporary contractors or services such as managed security service providers (MSSPs) to offload some workloads. For instance, using an MSSP to operate a security operations center (SOC) can free up existing staff to focus on more meaningful tasks.

Using this option is very complimentary to using consolidated solutions. When you have existing infrastructure in place, it reduces the additional costs associated with engaging an MSSP. MSSPs often have additional revenue streams toward selling their solutions to meet the needs that your organization does not have in place. If there are already functioning efficient systems, your organization can avoid the upsell and make it easy for the MSSPs to onboard using your existing solutions.

Build the Talent You Have

Another alternative to outsourcing is to insource the talent you already have. With a significant cybersecurity skills shortage already in place, organizations can benefit from training existing non-security positions to take up the role. Cybersecurity talent exists outside of existing cybersecurity positions. Many other areas of expertise, such as network engineering, systems administration, and programming, deal with cybersecurity challenges daily. These individuals have some of the skills but not always formal training. Many times they have interest but no chance to get their feet wet.

Investing in this type of talent is an investment and will take time before they are fully operational security staff. Businesses can ease this process by having optimized their cybersecurity technology stack. It is more accessible to onboard these new individuals with fewer learning solutions, and the existing products have intuitive interfaces.

Take Risks

The other route to managing the existing skills gap is to hire new graduates. With an expected 700,000 graduates this year alone, there is a ripe opportunity for building new talent. These graduates have the essential technical skills for cybersecurity but lack on-the-ground experience. This is a risk for organizations as this untested talent is no guarantee, and once they are trained up, they could move on to more lucrative positions elsewhere if they are not incentivized to stay.

Optimizing Your Technology

No matter how your organization manages the information security skills gap, the need to simplify and optimize the cybersecurity technology stack is there. Sotero is a complete solution that delivers multiple capabilities to help your organization streamline and optimize data privacy and security.

Sotero allows you to cut costs by minimizing the existing sprawl of security products by allowing you to manage your data security ecosystem through a single-pane-of-glass. Intelligent automation guarantees that new assets and applications added to the security fabric inherit existing security capabilities, reducing the load on your staff and simplifying operational overhead.

 

Schedule a demo today to learn more about how the Sotero Data Security Platform can help you make the most of your existing IT security workforce.

Tags:

data protection,

data regulations,

data security

Subscribe to our Blog

Take a look at a truly encrypted future, with no data left unsecure.

Request a Live Demo.

Schedule a live one-on-one
demo of Sotero.

Book Demo