Senior leaders in business and government ought to take note of ISACA’s State of Cybersecurity 2019 research, which details the findings of a global survey of cybersecurity professionals.
The report highlights many of the issues of which we cybersecurity professionals long have been painfully aware: that it is increasingly difficult to recruit and retain technically adept cybersecurity professionals; that while gender diversity programs have yielded positive results, support for these programs may be waning; and, cybersecurity professionals are concerned that budgets for cybersecurity programs are flattening or on the decline.
While most senior leaders are already sensitive to these issues, the report should kindle a sense of urgency to address them. I submit that traditional methods of addressing these issues are inadequate to remedy the situation and we need to look to other leadership approaches to fill the gaps.
With cybersecurity professionals being such a high demand/low density asset, organizations ought to think out-of-the-box to ensure they have the right people, with the right skills, in the right place, at the right time. They need to look at other sources of talent. As an example, I am a huge fan of reskilling personnel. Reskilling is a term meant to describe where an existing employee is trained in new skills to fill gaps. During my time in the US Air Force, I saw this technique used to great effect as we took mid-level security forces personnel and trained them in information technology and cybersecurity skill sets. Some of the best cybersecurity professionals I know are former Air Force cops. Reskilling personnel is a tool that senior leaders can use to close the gaps.