There's been an increasing demand and an overarching issue with supply of security talent. How are you dealing with that? Any advice for our peers facing the issue?
Senior Security and Compliance Auditor in Software, 1,001 - 5,000 employees
In my experience it's key to have a stable leader in InfoSec so as staff leave or get promoted for new opportunities the leader still has the overall vision, processes, goals, culture, and support in place. This allows for a wider range of talent (entry level to senior) that can be plugged into the "system". That said, keeping that leader may still be a challenge, as is finding the leader who can do this effectively.
Director of Information Security Operations in Consumer Goods, 1,001 - 5,000 employees
The challenge is real: so many candidates post fake CVs with no real experience and overrated salary expectations. It's hard, and you must verify the relevant technical skills on real-life examples.
Cybersecurity Lead Analyst in Finance (non-banking), 10,001+ employees
In my humble experience, as people to be chosen for any cyber or security option, we should be honest more than the experience or knowledge we put on the resume or CV. One thing is sure: if anyone takes a call hearing about a challenge but also an attractive offer (benefits and flexibility in a global world, and career path if it exists), I am pretty sure there is a potential deal to be closed. Otherwise, we might be open to work as freelancers or by projects if the need from another external client (company) fits with all the conditions to be addressed.
CTO in Software, 11 - 50 employees
It starts with a cultural approach/shift to start with first embedding security awareness into the entire organization. The next step is to augment your existing security team with automation + orchestration solutions, often referred to as #DevSecOps
CTO in Software, 11 - 50 employees
The hiring shortage within the cyber security industry is a symptom, and not the problem. What we have found with CLAW by CybernetIQ (www.cybernetiq.io) is that the ability to provide a clear picture of the cybersecurity landscape enables senior operators, and harnessing our ML / AI “Reflexes” enables Junior team members to rapidly accelerate their path to becoming an effective strength.
Basically, it's a tool that levels up your existing team instantly, without having to add to headcount.
As a recovering CISSP/ CCNA/ MCSE I know firsthand that cybersecurity is hard--but doesn’t have to be.
What we have discovered with our Attack Surface Analysis platform is that teams that have a clear understanding of their tools are a much more effective force for the enterprise that they manage. Consequently, we can take people off the frontline, give them a solution that makes sense of the security investments, and generate value Day 1, Minute 1. Happy to explore what that might mean for you.
So, the alternative from a talent perspective is to work with a traditional consulting firm. But unfortunately, consultants are very expensive and are subject to availability.
At Cobalt.io, we've managed to hack the talent shortage. We work with heavily vetted, certified freelance penetration testers who do the testing for us after their office hours or over the weekends.
Yeah, and a lot of folks don't realize the breadth and depth of security. It's value protection. It doesn't all sit with technology, rather sits everywhere. It could be a business that's interacting with the cloud service that the organization doesn't even know about. Data loss prevention, especially with the cloud today, is a lot more complex with analytics. It is an entire technology driven organization that may have nothing to do with the actual core IT organization.