
Hiring and Training Challenges for CISOs in 2018

Eliminate the Skills Gap by Addressing 3 Major Challenges

April 4, 2018
Jack Miller
KEYWORDS cyber security careers / cyber talent gap / security training

As a veteran CISO, I can tell you firsthand that the cybersecurity skills shortage is not only real – it is one of the biggest challenges IT leaders face today. As the threat landscape becomes more complex, it’s difficult to find and hire trained personnel who are both cyber professionals and affordable. To make matters worse, long-term retention of those employees is almost impossible as they are always being poached by other companies.

There are certainly ways to help keep and attract top talent. Hiring managers should ensure compensation and benefits packages are competitive and be willing to give employees significant flexibility with respect to remote working and flexible hours. A CISO isn’t successful without a good team, and you don’t want to lose good employees and make it difficult to find new candidates just because of a rigid workplace.

Since most CISOs recognize the skills gap is real, here are some of the other challenges they face in trying to shore up their security posture:

Relying on cyber-training to train employees to think like hackers.

There’s still a belief that employees have instincts against clicking on a bad link or replying to a seemingly innocuous email, or that the only option is internet security awareness training. But training was never meant to be more than a stopgap measure until appropriate technical tools could be created.

Placing a bet they are too small to be targeted.

Always assume criminals want what you have, even if it's just access to your big partners or customers. They’re fast, they know it's a numbers game, and they view every organization they breach as potentially valuable. If all else fails, they monetize their foothold through a ransomware attack. A good lesson here is the Target breach, which came through a tiny HVAC vendor that had nothing to steal except the credentials that got hackers into the Target partner portal. If you’re a small company doing business with a larger one, it’s easy for hackers to use you as a stepping stone, and in case of a breach the burden falls on you to prove compliance and to show your business wasn’t involved or at fault.

Fighting for security budget separate from the general IT budget.

From many a CIO’s perspective, security is just one small part of the overall organization they are responsible for running, so they believe it makes sense that the security budget should be a small percentage of their overall IT budget. The reality is an organization’s security budget should be based on what it will cost the organization to effectively manage their security risk. While there’s a correlation between the size and complexity of an IT organization and the cost to secure it, this simplistic view fails to account for the specific threats, regulations and overall risk appetite of the individual organization. Just like it doesn’t make sense to base your auto insurance liability limits on the annual maintenance costs of your car, it doesn’t make sense to base your overall security budget on the annual operating costs of your IT organization.

With these challenges in mind, there are several important considerations for IT leaders who must deliver the best security while still being realistic about their hiring pool and budgets. First, you can fill staffing gaps by leveraging a Managed Security Services Provider (MSSP) within an enterprise. Because MSSPs are security companies, they are much better positioned to hire and retain employees. Just make sure you have enough internal staff to provide oversight to ensure the MSSP is doing what you’re paying them for while outsourcing as many of the daily tasks to them as possible.

Next, upgrade to modern technologies that automate threat correlation and similar tasks. While MSSPs help ease some of the imbalance on the supply side, automation can help ease some of the imbalance on the demand side. By automating tasks that would normally be done by a staff member, companies can either eliminate the need for that staff member or free them up to work on other tasks.

Finally, ensure that the staff you have can constantly up-level their security expertise through the vendors you work with. On-demand access to threat intelligence gives your guys a reason to learn, and keeps them happy at work.

With the right mix of attracting the best security talent with compensation and work flexibility, letting employees excel at their jobs with the right tools and level of automation, and breaking bad training habits, CISOs can get ahead of these challenges facing organizations in 2018.


Jack Miller is the Chief Information Security Officer at SlashNext, and he brings more than 25 years overall experience and 18 years of experience as a CISO from a variety of industries including financial services, international transportation, public sector, professional services, chemical distribution and power generation/electric utility. Prior to SlashNext, Miller held an executive in residence role at Norwest Venture Partners where he contributed to the SlashNext evaluation and funding decision. He holds degrees in Marine Engineering and Transportation Logistics from the U.S. Merchant Marine Academy.
