Is cybersecurity as a service (CSaaS) a real solution for the IT talent shortage?

1.7k views4 Comments

CEO and Co-Founder in Software, 51 - 200 employees
For the people I work with and the peers I'm talking to, the number one reason for them to outsource any security service is the lack of necessary skill sets. They're able to tool it right, when I say tool it right, to the existing skill set. There are people who are traditional networking folks or have moved away from endpoint protection but they don't understand Cloud.

So you're actually seeing a big skills gap when you look at SaaS products, which you truly don't manage other than provisioning. You only have authorization and access. Everything else is done by somebody else. That's a different play.
1 1 Reply
Board Member, Advisor, Executive Coach in Software, Self-employed

For security as a service, do we also need skill development as a service? And do we therefore have to continually embed that in our culture, in our capabilities, to continually perpetuate learning and application of that learning? Because if we don't, we're going to fail regardless of whatever service model we put in operationally.

Board Member, Advisor, Executive Coach in Software, Self-employed
There’s a company that offers a solution that I love with regard to workforce development, skill development, proof of skills, etc. It's called Immersive Labs. They have great capability on continuous skill development, skill building, and in a wide variety of ways. They're getting a lot of traction; I have several friends that are using them.

I actually pointed a friend to them because they only had the ability to recruit lower-skilled talent due to the size of the company. I told them, you don't have to compete for a security operations center (SOC) analyst that will cost $175K a year. Get somebody from the junior college who's been an IT person and wants a cybersecurity career. You can pay them $55K a year and then ramp them over a period of time. You'll have lower costs and someone that will be stickier with you. At some point, once they've shown that they can do all these things they might bail and try to get the $200K per year job.

But if you are constantly backfilling you have to basically skill people up. It's lower cost and makes people stickier but you will still need to constantly recruit and train because they’ll either migrate up to some level of management or migrate out. That's the treadmill you're on—otherwise, you're on a treadmill with the vendor. Those are your choices.
Director of Technology Strategy in Services (non-Government), 2 - 10 employees
You still need someone in the business who is accountable for the cybersecurity. And it’s not just a matter of saying, “You're now accountable for this.” It's giving them the skills and the knowledge they need to know that and know what that means.

When New Zealand changed their privacy laws, one of the requirements was that every company now needs to have a privacy officer appointed. That doesn't mean they need to have someone in there whose job is only privacy, but if there's a breach, or if there's anything that needs to be done around information and data sharing, there’s a person who's responsible for it. You can say to someone, “You're now our privacy officer.” But what does that mean? What are their responsibilities and roles? It's a bit hard to retrofit this but as you start to hire towards certain roles, you have to start putting that in the job description, the contract, as well as the responsibility statement that you put in front of them when they come on board. That way they know this is what they should actually be doing.

Content you might like

Important solution for today’s way of working52%

Interesting idea to explore for 202242%

Not necessary6%


976 views1 Upvote1 Comment

Director Of Information Technology in Manufacturing, 501 - 1,000 employees
Following - interested in this question also.

4.5k views6 Upvotes1 Comment

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
39.9k views130 Upvotes318 Comments