In a previous post, I shared some expert insight into how organizations can address the challenges of hiring skilled talent despite the ongoing infosec skills gap. Organizations can’t rest easy once they’ve brought on new talent, however. They need to make sure they hold onto their existing workforce.

That’s easier said than done. Cybersecurity Ventures forecasted that a total of 3.5 million infosec positions will be unfilled in 2021. Clearly, skilled infosec professionals have plenty of other places to go should they be unhappy with their current employer.

Acknowledging that reality, we at the State of Security asked security experts to weigh in on the impact of the infosec skills gap on existing security teams. We then asked them to share their thoughts on how organizations can keep their current teams intact. Here’s what they had to say.

Sandy Dunn | CISO, Blue Cross

It’s challenging. I accept that there will always be four times more work than I have resources. My mantra is to prioritize. Make sure we are working on the highest risk, the most likely security issues, and communicate the residual risk.

The other solutions are extending the responsibility for protecting the business into all parts of the business. I “deputize” people onto the cybersecurity team, and I recognize that people bring cybersecurity issues and solutions. I even have silver deputy badges that I found on Amazon for .50 each that I hand out with a certificate of recognition. I love walking by people’s cubes and seeing them pinned on the wall!

There is also an opportunity to leverage low-tech solutions like easy-to-find and easy-to-follow security cheat sheets, so people whose core competency is customer service, legal, or administration can know how to do things securely without being frustrated or inadvertently causing a security incident.
