The skills gap is weighing heavily on the minds of digital security team members. In a survey of 342 security professionals, Tripwire found that 83% of infosec personnel felt more overworked in 2020 than they did a year earlier. An even greater percentage (85%) stated that it had become more difficult for their organizations to hire skilled security professionals since then.

Given this finding, we at The State of Security asked security experts to identify the biggest barrier to entry and hiring into digital security. We then asked them to share their thoughts on how companies could work to overcome those issues. Their responses are presented below.

Sarah Clarke | Data Protection & Privacy, BH Consulting

The primary blockages I see to recruitment and (more seriously) medium-term retention are lack of capacity to train in post, excessive expectations of discretionary hours, lack of flexibility in terms of both hours and remote working, and poor role definition. There are too many ads looking for a wish list of responsibilities, specific technologies, years of experience, and qualifications.

The former two are indicative of the way security is viewed and valued in the organisation. Often, training going down and discretionary hours going up is a quick and brutal effect of more general cost-cutting. Flexibility and remote working are about the nature of roles but also whether firms trust staff and put effort in to technically enable it. If they don’t, they need to start because my anecdotal feedback is that it’s a big draw…and a big red flag if ruled out on invalid grounds.

Issues with role definition are a knottier problem. The industry as a whole is bad at analyzing what is required to do specific parts of the security job well and the kind of experience, education and capabilities needed to