CISOs Can't Find The Right People

A recent study by the upscale human talent acquisition agency Stott and May, featuring a panel of 55 security leaders from around the globe, has found that access to cyber security skills remains the number one barrier to strategy execution. 39% of the sample stated that a lack of internal security skills was their number one challenge, with budget (30%), board-level buy-in (22%) and technology (9%) called out as other notable hurdles.
 
Other key findings in the report include:
 
  • Most respondents (76%) believe there is a shortage of cyber security skills in their company; however, the problem still seems more potent for mid-market and large enterprise businesses.
  • Organisations are still struggling to source cyber security talent (72%), with no material improvement around time-to-hire from 2019.
  • The business perception of cyber security is moving away from unnecessary expense (15%) towards strategic priority (54%) in the wake of well-publicised breaches resulting in fines and reputational damage.
  • Customers are becoming more educated and demanding around the issue of cyber security, driving most respondents (69%) to conclude that their business feels that functions can add value to their companies’ overall proposition.
  • As more businesses move towards the cloud, 54% of cyber leaders believe we will see an increase in incidents.
  • 30% of security leaders are also looking internally for transferable skills first before going to the open market.

CISOs are being forced to become more creative about how they leverage their finite resources, with 46% of the sample stating that they believed that AI and Machine Learning could offer part of the solution in terms of automating more workloads.
 
Jim Rutt, CISO at the medical research organisation the Dana Foundation and one of the participants in the research, stated: “The first thing that most CISOs are going to gravitate towards is trying to leverage some form of artificial intelligence or automation. There’s upside here in terms of making teams work a lot smarter and reducing the volume of manual tasks.”
 
Rutt did, however, explain that CISOs need to be more hands-on if automation projects are to realise their intended benefits. “Often the challenge is the burden on building these initiatives falls on the SOC team rather than the architectural or leadership teams. These individuals are less likely to understand, from an enterprise perspective, what they should be automating and where the priorities sit.”
 
He continued: “CISOs need to be looking at solutions that reduce manual work, but they need to really have skin in the game from a technical and process perspective about what’s going on and what is going to be viable.”
 
The report also touches upon the key challenges that sit in front of CISOs in 2020. Outside of getting a better handle on the recent influx of remote workers and the aforementioned need for more automation, key themes also included improving maturity around risk measurement and metrics, insider threat, asset management and API security.
 
 
The Stott and May Cyber Security in Focus Survey examines the key issues that have made an impact on the market over the course of this year. Respondents were asked to share their views across a wide range of issues including, but not limited to, the skills shortage, the boardroom perception of cyber security, talent attraction and the challenges associated with securing business in the cloud. You can access the full report here.
 