November 4, 2016

Getting the most out of your staff in the midst of the cyber security skills gap

This blog post was written by Tom Flynn at our partners BAE Systems.

Getting the most out of your staff in the midst of the cyber security skills gapWhile cyber attacks are on the rise, most security budgets are not. High profile data breaches have led to the creation of fresh legislation, regulation, and demands from consumers that their data be protected. But many boards are still primarily focused on driving revenue. Even with limited resources, it’s the responsibility of the security team to make sure an organization’s digital assets are protected. But there’s a problem: with adequate budget, technology is easy enough to acquire. But hiring and retaining people to use it correctly to defend their employers’ business is proving to be a tough job for just about everyone. We’re in the midst of a skills shortage.

Cyber security workers are commanding nearly 9% more pay than their peers. Businesses monitoring and analyzing their network around-the-clock need at least four full-time employees (168 hours a week ÷ 40 hours per employee). That’s just for minimum coverage; larger organizations need more. According to the Burningglass report “Job Market Intelligence: CyberSecurity Jobs, 2015”, job postings for cybersecurity openings have grown three times as fast as openings for IT jobs overall.

There are so many unfilled positions, in fact, that it would be nearly impossible to fill them all. According to the U.S. Bureau of Labor Statistics, information security analyst positions are expected to grow by 18% through 2024, over double the national average for growth. Unfortunately the options for solving this problem are limited. It’s often too expensive and time consuming to constantly hire, train and retain the talent needed to keep ahead of new advanced threats.

The good news is that managed services, which share the expertise of cyber security experts, can fill this gap very effectively, and reduce the staff and budget burden that recruiting in a high-demand market creates.

The balance is finding a vendor that can integrate with your organization’s existing technologies and implement the best detection and prevention capabilities. As an extension of an in-house team, these providers should be able to:

  • correlate security events on customer networks to identify suspicious activities,
  • investigate suspicious activities with certified security experts, and
  • make use of threat intelligence to prioritize alerts correctly

At present, in-house security services create a staffing headache for businesses. Leaving security to expert organizations allows your staff to focus on business priorities, rather than scrambling to fix security, personnel or skills problems.

Original content owned and published by BAE Systems.

Stay Connected

Enter your email address below to receive updates each time we publish new content.