“You go where you are invited, but you stay where you are welcome.”
These were the words of Ann Johnson, corporate vice-president, Cybersecurity Solutions Group with Microsoft, speaking at RSA Conference 2019. The cybersecurity workforce shortage goes deeper than a skills gap, she argued. Employers also need to consider how to address other areas of concern for security workers, especially their stress levels.
About 70% of IT employers say they face serious staffing shortages. As a result, those on the frontline of security are overwhelmed by threats and alerts and spend their days chasing down false alarms. That means they don’t have the bandwidth to investigate and solve complex problems.
Stress is also overwhelming our cybersecurity and IT workforce. Johnson said two-thirds of these workers will take pay cuts just to have less stress. All of these factors mean that those on the frontline of security are outnumbered by threat actors.
“We must empower the defenders,” said Johnson.
Technology is one way to do that. When organizations adopt innovations like the cloud and AI, they increase their ability to detect and mitigate attacks, not in minutes but in milliseconds.
However, there needs to be a bigger investment in human capital, Johnson pointed out. Organizations need to tap into new potential talent by reaching out to a more diverse workforce. When you have more diverse talent, you get varied experiences and ideas to better solve problems.
Retention is also an issue. Johnson stressed the importance of caring for the security employee’s mental health. “Mounting stress on the first line of defense leads to more mistakes,” she said.
“Technology alone won’t solve our security problems,” Johnson added. “We must focus on the power of people.” We want people to fill these security jobs, but they’ll only stay if they are appreciated.