Steve Durbin (firstname.lastname@example.org) is Managing Director of the Information Security Forum (ISF), a global nonprofit headquartered in London, UK.
As the cyberthreat landscape becomes more varied and intense in sophistication and strategic intent, demands on information security and compliance teams relentlessly shift and swell. With limited personnel to manage the rising risk, the difficulty attracting, recruiting, and retaining an appropriately skilled workforce has become a risk in and of itself.
Shortages in skills and capabilities are being revealed as major security incidents damage organizational performance and reputation. Building tomorrow’s security and compliance workforce is essential to address this challenge and deliver robust and long-term security for organizations in the digital age. Filling the skill shortage will require organizations to change their attitude and approach to hiring, training, and participating in collaborative pipeline development efforts. An overly rigid and traditional approach to identifying candidates, coupled with overstressed and understaffed work environments, is clearly in need of new tactics and fresh ideas.
Organizations that fail to adopt a more creative approach will find themselves dangerously shorthanded in the next few years, as both attacks and defensive measures (e.g., security software platforms, patching and configuration practices, analytics, and machine learning) become more complex.