
Security Think Tank: Internal up-skilling key to tackling cyber security skills shortage

What strategies can organisations use to ensure that they are able to hire the information security professionals they need and that good candidates are not being missed or overlooked?

As a specific business sub-set, human resources (HR) is seldom regarded as the most fleet of foot department and, more often than not, it is not the most technologically advanced either.

It therefore does not come as any great surprise to hear that organisations find themselves unable to fill cyber security positions for months or even years, not because candidates are unavailable, but because recruitment processes are flawed.

Businesses on the whole (not just HR departments) often lack the general understanding of the requirements needed in a modern cyber security professional, or the evolving challenges they face on a daily basis.

Changing these dated perceptions must be the long-term, ultimate goal for businesses and the cyber security industry collectively. But to achieve this, there are a number of things that need to happen first.

In enterprise IT, there is a single point where everything that matters in information, technology and business converges – the security space.

One of the best ways to avoid costly lag-time periods between finding and hiring skilled cyber security professionals is to up-skill and transform the current workforce in an organisation from the inside-out. 

As the cyber landscape continues to rapidly evolve, it is not enough to rely solely on knowledge, theory and the status quo – real-life skills and experience are paramount.

Certifications help individuals demonstrate their skills and prove that they know the most current cyber security standards; they also give employers confidence that their employees are up to the demanding and continually changing tasks presented by the cyber security landscape.

A performance-based certification such as Isaca’s CSX is testament to real-life skills and experience gained at the proverbial security “coal face”, and can prove invaluable to employee and employer alike.

Furthermore, performance-based certifications and internal up-skilling provide employees with the credibility needed for cyber-career mobility in their organisation, as credential holders will add cyber security value to the overall enterprise offering itself.

With performance-based certifications such as CSX, both business leaders and existing cyber professionals can continue to obtain the knowledge, tools, guidance and connections to remain at the forefront of a vital and rapidly changing industry.

By sidestepping the often tricky obstacle of finding appropriately skilled staff from outside an organisation and cultivating home-grown organic talent instead, HR departments do not have to source the more challenging cyber security positions and can simply backfill the roles previously occupied by the up-skilled staff.

Christos Dimitriadis is international president of Isaca and group director of information security for Intralot, Greece.
