In IT security, there are two forces today that it appears no business can escape: automation and staffing shortages. Companies in every industry are adopting technologies that incorporate machine learning and (to a lesser extent) artificial intelligence to analyze more data and automate key functions of the business. Meanwhile, as cybercrime expands its reach across the globe (and is expected to increase with the adoption of GDPR), organizations are struggling to recruit and retain skilled staff to protect their networks and brands.
When talking to industry pros, we often hear the assumption that automation technology will help lessen the shortage problem because it will perform tasks left by unfilled positions. A recent survey report by Dr. Larry Ponemon of the Ponemon Institute revealed that while that theory is partially true – automation will replace certain tasks like log analysis – it will actually exacerbate the staffing problem. The truth is, 76 percent of the survey respondents believe that machine learning and artificial intelligence tools and services increase the need for more highly skilled IT security staff, thus widening the already pervasive skills gap.
So, what to do? Automation isn’t going anywhere and the need for skilled personnel is growing. Looking deeper at the research, we are able to discern recommendations for organizations to address these challenges and build out their IT security teams:
- Compensation matters to attracting and retaining qualified personnel. Because of the competitiveness in the IT security job market, companies should consider offering generous compensation packages to attract and retain the best candidates. The most desirable candidates, according to the study, are those who can bring on-the-job experience and a recognized professional certification (CISSP) to the IT security function
- Create a career path for IT security staff and promote from within. Most companies represented in this study (76 percent of respondents) do not view IT security as a career path. Companies are at risk to losing their high performers if time is not spent mentoring and offering opportunities for advancement. Only about half (52 percent of respondents) say their companies promote from within.
- Consider job candidates that may not have all the typical technical skills but have the aptitude, people skills, communication skills, and the willingness to be trained. Fifty-seven percent of respondents say that when hiring, the softer skills such as being a team player and dependability are more important than technical skills. In fact, 60 percent of respondents say they can always train an employee in technical skills who has good people skills. Supplementing what the survey says about this, leaders of high-performing security teams often make this point in forums such as security conferences.
For the full story on the data, including what infosecurity professionals should do to grow in their careers, join Dr. Ponemon and me for our webinar, “Security Hiring Trends in the Age of Automation,” which will be held on May 16, 2018 at 10AM PDT/1 PM EDT.