RSA 2020 Special with David Meltzer and Tim Erlin from Tripwire | The Talent Gap and Sourcing the Right Candidates

There is a talent gap in the cybersecurity industry which is deteriorating as time passes. The survey by Tripwire confirms that the difficulty of hiring and retaining cybersecurity talent is greater compared to last year. To address this challenge, organizations have adopted in house skilling up programs and outsourcing the labor intensive tasks of managing security products. Outsourcing enables the effective utilization of available skills by a group of organizations. The cybersecurity skills requirements have also evolved due to the emergence of Machine Learning and Artificial Intelligence. Previously, organizations required a lot of people with mostly system administration skills to manage security products, but there has been a shift to security orchestration and automation which has reduced the number of people required but increased the level of expertise required. The skills in demand include tools automation, scripting, and programming. Developing the expertise required requires access to technology hence organizations have to invest in training although they face the risk of training and the employees leave the company before the company can get a return on investment. Adopting an aggressive hiring program for fresh graduates and early career candidates helps to build a pipeline and address the shortage because it provides the opportunity to learn on the job. When an organization invests in the growth of the early hires, it improves the employee retention rate and promotes a better work environment. The Tripwire team also recommended internship programs and community educational events.

The major highlights from the RSA conference in 2020 include the notable growth of the managed security services and concern over the impact of Corona. The managed security services mainly address the administration of security products to free the internal resources to address the more challenging security tasks. Corona has resulted in a drastic increase in remote working, which introduces additional risks that CISO’s should take cognizance of. In addition, it may also result in reduced travel for vendors.