The jobs market has never been tougher, with zero hours contracts, internships and intense competition all making landing that ideal job a far tougher prospect than persuading Alan Sugar to invest. But the security industry seems to be the exception that breaks the rule. The sector has been consistently buoyant throughout the years of austerity and continues to exhibit strong growth. Quite simply, demand is outstripping supply.
New ways of working (mobile/cloud/collaborative), ever evolving cyber threats and emerging legislative and regulatory requirements have all created a demand for skilled security practitioners. Across the pond, a recent survey of 435 senior level technical professionals found more than 80 percent had trouble finding the expertise they needed due to the limited pool of skilled security professionals available while closer to home the Report on Jobs published by KPMG and the Recruitment and Employment Confederation last week found that the recent publicity surrounding high profile data breaches had lead to a surge in demand/investment in cyber security teams.
While this is good news for those who find their skills in short supply, its not good news for industry. Inevitably there will be casualties, with some organisations left exposed because they cannot attract the talent they need to mitigate risk, ward off threats and improve their security stance. And those organisations forced to wing it don’t operate in isolation: they have partners, suppliers, customers, all of whom are then in turn exposed. If we weaken enough businesses we ultimately weaken the economy.
Fighting tooth and claw over a limited pool of talent is clearly not the way forward. Initiatives such as The Governments Strategy for Cyber Security are helping with funding and addressing the shortfalls and skills gaps; equally initiatives to such as the CESG Certified Professional (CCP) scheme and government’s engagement with academia (such as the Academic Centres of Excellence in Cyber Security Research) will increase the UK’s academic capability in all fields of cyber security. But how do we address the skills gap in the interim?
One way is to look at how we can utilise existing resource more widely and more efficiently. The most popular specialised roles currently within the IT and Cyber security profession are Information Security or IT Security Consultants, with most organisations looking for certified professionals, such as CISSP. Looking to outsource security provision to qualified personnel rather than putting them on the pay roll allows the organisation to benefit from cutting edge knowledge, experience and expertise without the need for commitment and ensures resource is not monopolised. Provision can be ramped up or down through the use of Managed Security Services (MSS) and the consultant is incentivised to continue to keep their knowledge base and qualifications as up to date as possible.
It’s a win-win and it’s why Virtual Security Teams, that can be called upon on demand, have to be the solution when it comes to solving the skills gap.