Is cybersecurity as a service (CSaaS) a real solution for the IT talent shortage?
Board Member, Advisor, Executive Coach in Software, Self-employed
There’s a company that offers a solution that I love with regard to workforce development, skill development, proof of skills, etc. It's called Immersive Labs. They have great capability on continuous skill development, skill building, and in a wide variety of ways. They're getting a lot of traction; I have several friends that are using them. I actually pointed a friend to them because they only had the ability to recruit lower-skilled talent due to the size of the company. I told them, you don't have to compete for a security operations center (SOC) analyst that will cost $175K a year. Get somebody from the junior college who's been an IT person and wants a cybersecurity career. You can pay them $55K a year and then ramp them over a period of time. You'll have lower costs and someone that will be stickier with you. At some point, once they've shown that they can do all these things they might bail and try to get the $200K per year job.
But if you are constantly backfilling you have to basically skill people up. It's lower cost and makes people stickier but you will still need to constantly recruit and train because they’ll either migrate up to some level of management or migrate out. That's the treadmill you're on—otherwise, you're on a treadmill with the vendor. Those are your choices.
Director of Technology Strategy in Services (non-Government), 2 - 10 employees
You still need someone in the business who is accountable for the cybersecurity. And it’s not just a matter of saying, “You're now accountable for this.” It's giving them the skills and the knowledge they need to know that and know what that means. When New Zealand changed their privacy laws, one of the requirements was that every company now needs to have a privacy officer appointed. That doesn't mean they need to have someone in there whose job is only privacy, but if there's a breach, or if there's anything that needs to be done around information and data sharing, there’s a person who's responsible for it. You can say to someone, “You're now our privacy officer.” But what does that mean? What are their responsibilities and roles? It's a bit hard to retrofit this but as you start to hire towards certain roles, you have to start putting that in the job description, the contract, as well as the responsibility statement that you put in front of them when they come on board. That way they know this is what they should actually be doing.
So you're actually seeing a big skills gap when you look at SaaS products, which you truly don't manage other than provisioning. You only have authorization and access. Everything else is done by somebody else. That's a different play.
For security as a service, do we also need skill development as a service? And do we therefore have to continually embed that in our culture, in our capabilities, to continually perpetuate learning and application of that learning? Because if we don't, we're going to fail regardless of whatever service model we put in operationally.