Recruiting InfoSec Pros in Tight Market
Insights on Creating 'Center for Security Excellence'
In light of the critical shortage of information security professionals, organizations must strive to become a "center for security excellence" to successfully recruit the specialists they need, says analyst John Oltsik of Enterprise Strategy Group.
The research company's recent global survey of 600 IT and security professionals determined that 65 percent find it somewhat difficult to recruit and hire information security professionals while 18 percent find it extremely difficult, Oltsik said in a Feb. 24 presentation at the RSA Conference 2014. The area with the greatest security skills shortage is cloud computing and server virtualization, mentioned by 43 percent. Other key shortage areas are endpoint, mobile device and network security, as well as data analysis/forensics.
A key step to successful recruiting of infosec pros, Oltsik says, is "integrating security into the corporate culture."
In an interview with Information Security Media Group after his presentation, Oltsik, senior principal analyst at the Milford, Mass.-based firm, described some of the components of creating a center for security excellence: "Security people want exposure to training and they want exposure to their peers ... and they want to give input to vendors about their products. If they're always busy putting out fires, then they can't do that. You need to figure out how to make your people more efficient ... so they can build a career."
Continuing education is essential, he stresses. "The average security professional is two years behind in terms of knowledge of what the bad guys are doing," he contends.
Other steps organizations should take in light of the shortage of qualified infosec pros, Oltsik says, include:
- Look for opportunities to outsource certain security functions;
- Adopt "intelligent turnkey technologies" that are easier for staff to use;
- Automate as many tasks as possible.