By Juanita Koilpillai
CEO, Waverley Labs

It’s no secret that the IT industry has become woefully short on skilled IT professionals qualified to perform analysis required for cyber security, threat mitigation, and digital risk profiling.

This article, "Information Security Jobs Unfilled as Labor Pains Grow," examines an industry-wide shortage of skilled workers being compounded by generally low pay, limitations in available training, and a lack of preparedness among college graduates entering the IT security workforce. A smaller subset of skilled workers is commanding exorbitant salaries, further widening the talent rift in the IT security workforce.

At the same time, high-profile attacks like Sony and Anthem have gotten the attention of senior management, who are now scrambling to address their cyber security inadequacies. As they realize they do not have the expertise to address the growing threats, their response has typically been to deploy even more security tools in IT environments that are already underutilizing the tools and resources they have.

Instead, they should be evaluating digital risk management (DRM) frameworks that employ people, processes and technology, coupled with identifying the specific threats to the operations/business and developing solutions that mitigate risk across the entire environment. These DRM solutions reduce requirements for human intervention by focusing on automating the capture of human knowledge where possible, appropriate, and acceptable by the operations/business. Organizational knowledge is analyzed to identify, prioritize and quantify risks to understand the true threats to operations from a business perspective. This automation of knowledge capture also enables you to retain knowledge within your organization even as IT security expertise may be leaving.

DRM is the agent of change in the deteriorating IT security landscape. To better mitigate cyber risk without falling into the same traps, consider a DRM framework for knowledge capture and adopt a new mindset:

  • Stop buying tools – focus on getting more out of the tools you have
  • Automate the mundane or repetitive tasks – especially where processes have already been used, proven or established – this allows you to maximize the power of automation and save time
  • Be prepared to pay for the expertise you need, not for more lower-priced options
  • Make job descriptions understandable and interesting – focus on those tasks that truly require human decision-making and analysis
  • Provide more comprehensive training to account for unknown risk scenarios
  • Use DRM to capture the knowledge of known attacks
  • Think like a hacker and find out where your previously unknown vulnerabilities lie – eliminate threats and scenarios that do not apply to your particular environment, operations, or enterprise