Security challenge 2013: BYO staff

In the new issue of Discover Performance, Robert Richardson, editorial director for the Security Media Group at TechTarget, and former director of Black Hat and the Computer Security Institute, shares his thoughts on why BYOD and the struggle to secure mobile devices will continue to vex organizations, even as best practices emerge to lighten the burden.

 

We’ve got an outtake from the interview, in which Richardson tackles another problem for 2013 and beyond: staffing your security team so that you can deal with all these changes and challenges. 

 

Q: Besides BYOD, what else should CISOs be concerned about in the year ahead?

 

RR: One thing that I think organizations are increasingly challenged by is the difficulty of recruiting qualified security professionals, so recruiting may well be a leading issue in the coming year. I think there are two factors driving the shortage in the hiring market. First, whatever surplus there may have been got hired up to handle compliance requirements during the past four or five years. Secondly, governments woke up. Where government agencies used to make only lackluster efforts at shoring up their systems, now they view cyber defenses as part of the overall Homeland Security challenge. Add to that a new emphasis in the military branches on proactive capabilities, and a lot of the best minds in the field are working in uniform.

 

Q: What can we do about it?

 

RR: Part of the solution is being willing to increase salaries, but it will probably also make sense to be creative about training fresh recruits straight out of college. Organizations may need to rethink how they are going to get good talent, and it may make sense to be patient, hire bright people out of college even though they aren't yet up to speed on security, and then train them in house. This is a multi-year proposition and there's always the risk, of course, that your successful apprentice will be lured away by someone else's better pay, but it gets people into the field. I'm a firm believer that real-world seasoning is what counts in this business.

 

Q: How long before some equilibrium will return to the labor pool?

 

RR: The time it takes to close the gap between supply and demand isn't something I've looked at closely, but I don't think it's as simple as putting potential recruits through a six-month training program. Good info-security professionals are made by seasoning over several years. So I suppose I'm saying we're at least five years out.

 

Read the full interview with Richardson in the new issue of Discover Performance. Subscribe to Discover Performance to get more insights on IT strategy and performance delivered to your inbox.

The opinions expressed above are the personal opinions of the authors, not of HP.