The majority of organizations do not have a workforce strategy in place, and are not forward-thinking in their recruitment and retaining strategies.
Speaking at the Gartner Security and Risk Management Summit in London, Gartner director analyst Sam Olyaei said that the majority of companies are “stuck” when it comes to hiring, and have no time to look into the future of emerging technologies.
Citing sources, which claim a shortage of skilled people and security staff of anywhere between three and six million people, Olyaei said that many organizations are “playing catch up” as most do not have a strategy, or career paths lined up for people. Also a lack of mentorship programs was off-putting to a number of people, with Women in Cybersecurity research citing that 78% of young women rule out a career in cybersecurity because of this.
“Most organizations look for perfect a candidate and that almost never exists,” he said, adding that there should be more opportunities for “digitally business oriented folks.”
Of those who are succeeding, Olyaei said that the insurance, banking and consumer product verticals were most successful in hiring, as well as those companies that have roles established, offer travel and conference opportunities, and training and education for certifications.
“The roles that are in demand don’t really change” he pointed out, but he often sees roles that were unfilled six to 12 months ago and focus on traditional information security, rather than future roles. He cited the examples of:
- Digital risk officer
- Data security scientist
- Security champion
- Digital ecosystem manager
- Chief of staff
Looking at job descriptions, Olyaei argued that while there is demand for certifications and these are “important for career progression,” if you change the wording on a job description you can capture a wide variety of people.
“It is easier to teach technical things” than more business-related issues, he said, saying that he is seeing more of a shift to descriptions talking about skills to create a strategy, and to be able to present to business leaders.
He explained that this requires a shift in the mindset of hiring, as business moves “at a faster speed; it's more agile, and about ecosystem too” and new people will want to come in and break down silos. “Don’t hire on requirements for experience, and place less emphasis on the ability of a person using Nessus on Lexus (for example,) and you can attract digital folks who have competencies,” he said.
He concluded by highlighting the digital skills to look for as:
- Adaptability
- Business acumen
- Digital dexterity
- Outcome driven
- Collaboration/synergy
“Develop one strategy for security and align it to the organization,” Olyaei said, adding that the “more you invest in training, the longer the staff stay.”