The Hot Cyber Sector

When you are a cyber security leader, when you are accountable for cyber security across your organisation, what keeps you awake at night? Is it the latest zero-day vulnerability, the fear of data loss due to poor user behaviours, perhaps its wondering if your latest product release is really as secure as you are being told?

I can just see many a CISO and cyber leader across the globe nodding their heads in agreement!

But what about the current talent war for cyber professionals? Organisations across the globe are fighting for the right to employ what they see as the very best cyber talent available to them, and so they should, right?

Naturally demand for cyber security professionals then goes through the roof! That’s great if you are a cyber professional looking for your next role, but for cyber leaders its another worry to add to those sleepless nights. Do you have the right people delivering your cyber function?

When a job sector is as hot as cyber security its only natural that professionals all over the world will look at that and think, I’d like to give that a go. That’s fantastic, as a cyber security community we should be looking to build our capability and welcome others into our world.

However, at Third Party Cyber Security (TPCS) we see a growing trend of organisations looking to employ people based mainly on what cyber security qualifications they hold. Maybe it’s a Project Manager who has achieved the Certified Information Security Management certification (CISM). Perhaps it’s an IT professional who has studied hard and gained the Certified Information Systems Security Professional (CISSP). These are wonderful accomplishments, and we should ensure that these new members of our cyber security community are recognised and supported in their transition into cyber security roles.

But how do we do that in a way that works for everyone. As a cyber security community we need to be careful. Just assuming that a recent cyber security qualification provides all the tools to allow a person to make informed decisions around cyber risk could be as dangerous as leaving your systems unpatched.

Not only that, but it’s also incredibly unfair on the person involved who instead of receiving the support and mentoring they need, suddenly find themselves in a position where they are being asked to sign off cyber risk that they may not fully comprehend. This is the true consequence of the current talent war for cyber professionals. Organisations placing their cyber security risk decisions into the hands of recently qualified cyber professionals who are not quite ready for that.

So how does an organisation prepare to win in this ongoing war for talent? At TPCS we believe the following steps will allow you to grow your cyber security capabilities for the now and for the future!

1 Consider a graduate programme to ensure you have access to the next generation of brilliant cyber security professionals.

2 Nurture and support newly qualified cyber security professionals by allowing them to shadow more experienced team members.

3 Look for clear and demonstrable evidence of cyber security delivery when you go to market for new employees.

4 Leverage third party cyber expertise to ensure you have an external lens applied to your cyber security function and that you are managing cyber risk in the way you think you are.