Cybersecurity teams are consistently facing three significant challenges today:
- Accelerated digitization and digital transformation are expanding organizations’ attack surface
- Cyber-attacks are continuing at a record pace
- Ongoing shortage in the market for IT and cybersecurity talent
Cybercrime is forecast to cause $8 trillion in damage in 2023 and exceed $10 trillion by 2025. Researchers say 300,000 new pieces of malware are created every day. Ransomware-as-a-Service (RaaS), AI-driven attacks, and cheap hacking tools available on the dark web are all creating havoc.
At the same time, the pressure to continue to defend and secure assets escalates, organizations also continue to expand their cloud footprint. It’s a battle just to stay on top of everything — especially when you consider that the ISACA State of Cybersecurity 2022 Report found that the skills gap has more than doubled in the past few years.
What’s a CISO to do?
To start, CISOs need to understand their team’s skills gaps and prioritize attracting talent and upskilling current team members. It has become a vital requirement of CISOs today to effectively build, lead, and inspire their teams to feel empowered while learning and growing throughout their careers to stay ahead of evolving threats.
Building and Maintaining High-Performing Cybersecurity Teams
Leading CISOs are focusing on building a strong brand, with a focus on growth opportunities and team development.
It helps to look at your organization from the viewpoint of what your team members want.
Cybersecurity pros know they need to stay current to remain relevant, so most are actively seeking environments where they can continue to learn and grow to meet their career goals. They also want the ability to develop their skills and progress in their career path. CISOs need to provide these growth opportunities and promote them to attract talent, retain employees, and grow capabilities. Successful CISOs focus on team dynamics and creating a competitive culture that values continuing education and the development of future leaders.
There are more than three-quarters of a million current job openings in cybersecurity in the U.S. Amid this fierce competition for talent in InfoSec, CISOs need to create an external brand that showcases an attractive environment for candidates, including career paths and work/life balance.
Among the skills CISOs need, it’s time to add marketing.
Creating a great internal culture is important, but to compete effectively in the tight talent market, more needs to be done. CISOs should also openly and pro-actively demonstrate organizational commitment to meet candidates’ career interests. This includes tactics such as marketing campaigns and targeted job ads that focus on what candidates will get out of working for you and your organization, rather than just the skills you require. Furthermore, pursuing opportunties to get both your company brand and personal brand out in the market will help broaden your network of cybersecurity professionals, ideally expanding your potential talent pool as you continue to build out your team.
Recruiting a Strong Cybersecurity Team
CISOs should also explore broadening their outreach and draw from alternative and non-traditional talent pools to meet the evolving needs of their organization. This often takes hiring managers out of their comfort zones as they may need to consider candidates that do not have years of experience in the field.
However, we know that hard skills can be learned along the way.
Soft skills are equally — or even more important — than hard skills in cybersecurity. Finding candidates that are dedicated, reliable, detail-oriented, and driven to succeed is crucial to successful recruiting. Unlike many technical capabilities, such soft skills typically cannot be taught.
Upskilling Cybersecurity Teams Through Training
Team development and career path strategies are important to keeping teams on top of evolving threats, but they are also increasingly important to avoid burnout and turnover. The best CISOs are actively identifying opportunities to automate traditional and routine tasks, such as system monitoring and incident responses, and transitioning people into security architect-type roles and career paths that are more engaging and motivating.
This helps enhance the employee experience while also helping to develop succession plans by identifying the next generation of cybersecurity leaders, and eventually CISOs. CISOs often find that many of their promising team members often struggle to develop the critical soft skills they will need to progress in their careers.
Since many InfoSec professionals are introverted by nature, prioritizing and coaching soft skills will be just as important as continuing education on emerging threats and the development of hard skills.
There are many cybersecurity learning platforms available, but organizations often face limitations in time and resources. The frequent updates also can make these programs outdated quickly. To combat this, many companies establish individual learning budgets for team members. However, this can also result in mismatched skill development and further widen the skills gaps.
CISOs must set training standards and priorities, especially when looking for those with the potential to grow into a CISO role. Best practices include training programs for:
- Cybersecurity Awareness Training: Start with basic cybersecurity awareness training to build a strong foundation.
- Technical Training: Offer in-depth technical training that covers topics such as network security, application security, data protection, and incident response.
- Industry Certifications: Encourage them to pursue industry certifications such as Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH). These certifications validate technical knowledge and demonstrate commitment.
- Hands-On Experience: Simulated cyber-attack scenarios and real-life cybersecurity projects help test their skills and expand their knowledge base.
- Mentorship and Networking: Pair them with a mentor and help them build a network of other cybersecurity professionals that can help provide guidance and support as they navigate the progression to a CISO role.
- Regular Updates: Encourage them to stay updated on the latest developments in the field by attending conferences, webinars, and workshops.
The shortage of cybersecurity talent and the evolving threat of cybercrime continue to make the job of security challenging. Addressing the skills gaps through more diverse recruiting, continuous upskilling of team members, and cultivating the next generation of leaders will be crucial for long-term success.
To stay up to date on trends shaping the executive talent landscape, subscribe to our blog for additional insights.