Recruiting InfoSec Pros in Tight Market

Insights on Creating 'Center for Security Excellence'
Recruiting InfoSec Pros in Tight Market

In light of the critical shortage of information security professionals, organizations must strive to become a "center for security excellence" to successfully recruit the specialists they need, says analyst John Oltsik of Enterprise Strategy Group.

See Also: Creating a User-Centric Authentication and Identity Platform for the Healthcare Industry

The research company's recent global survey of 600 IT and security professionals determined that 65 percent find it somewhat difficult to recruit and hire information security professionals while 18 percent find it extremely difficult, Oltsik said in a Feb. 24 presentation at the RSA Conference 2014. The area with the greatest security skills shortage is cloud computing and server virtualization, mentioned by 43 percent. Other key shortage areas are endpoint, mobile device and network security, as well as data analysis/forensics.

Corporate Culture

A key step to successful recruiting of infosec pros, Oltsik says, is "integrating security into the corporate culture."

In an interview with Information Security Media Group after his presentation, Oltsik, senior principal analyst at the Milford, Mass.-based firm, described some of the components of creating a center for security excellence: "Security people want exposure to training and they want exposure to their peers ... and they want to give input to vendors about their products. If they're always busy putting out fires, then they can't do that. You need to figure out how to make your people more efficient ... so they can build a career."

Continuing education is essential, he stresses. "The average security professional is two years behind in terms of knowledge of what the bad guys are doing," he contends.

Other steps organizations should take in light of the shortage of qualified infosec pros, Oltsik says, include:

  • Look for opportunities to outsource certain security functions;
  • Adopt "intelligent turnkey technologies" that are easier for staff to use;
  • Automate as many tasks as possible.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network