With a dynamic threat landscape growing in sophistication and intent, expectations on the information security function are increasing rapidly. With limited personnel available to manage the risk, attracting, recruiting and retaining a workforce presents a significant challenge for providing immediate and sustainable security. Shortfalls in skills and capabilities are manifesting as major security incidents that damage organizational performance, reputation and image. Building tomorrow’s security workforce is vital to addresses this challenge and deliver robust security for organizations in the digital age.
“Filling the skill shortage will require organizations to change their attitude and approach to hiring, training and participating in collaborative pipeline development efforts. An overly rigid and traditional approach to identifying candidates, coupled with over-stressed and under-staffed work environments, is clearly in need of new tactics and fresh ideas,” said Steve Durbin, Managing Director, ISF. “With clear direction and leveraging fundamental HR concepts, organizations can develop an approach that formalizes the structure of the security workforce, harnessing the appropriate talent and skills to achieve the organization’s security objectives. Building Tomorrow’s Security Workforce helps organizations find the right balance they require to be successful.”
According to the ISF, organizations need to refocus their outlook to incorporate new developments in the global security workforce. This requires the information security function to establish a strategic direction for its security workforce that aligns with organizational objectives. Embracing four objectives will set the strategic direction for building a sustainable security workforce:
By combining these strategic objectives with fundamental HR concepts, organizations can plan and build a security workforce for tomorrow. The ISF Approach addresses existing challenges and provides the structure for a robust, sustainable security workforce to meet the evolving demands of the digital age. It accounts for the varying size, budget and remit of security workforces. It incorporates workforce planning for designing and building an organization’s – or function’s – security workforce. Workforce planning will align the security workforce with organizational strategy and operational requirements, preparing the security workforce for future demands.
“Moving forward, organizations need to broaden their approach to recruiting security professionals from a diversity of backgrounds, disciplines and skills sets; focusing on the aptitude and attitude of candidates rather than insisting on a host of specific skills, experience and qualifications that would elude a large proportion of current and potential information security professionals,” continued Durbin. “Our members are already demonstrating success, building tomorrow’s security workforce with the necessary skills and expertise, developing and retaining employees in a progressive and engaging environment. They understand that a sustainable security workforce is essential if the information security function is to become a partner to the business and effectively manage the increasing security burden.”