By: Rob Rashotte, Vice President, Global Training & Technical Field Enablement, Fortinet
Far too often security is being overlooked in a rush to embrace digital innovation. As a result, as businesses rapidly adopt new technologies and computing platforms, they are also opening the door for cybercriminals who are looking to gain access to valuable data. With this in mind, cybersecurity needs to play a central role in all digital transformation efforts – a strategy known as security-driven networking. However, many of these same businesses are also facing the challenges of the growing cybersecurity skills shortage, which can lead to unfilled roles with traditional areas of responsibility, such as identifying, patching, and updating vulnerable systems. While there is a clear need for individuals who can effectively manage these threats, security talent is difficult to find.
How the Skills Shortage Impacts Business
According to a study conducted by (ISC)2, the global shortage of cybersecurity professionals has now surpassed 4 million – which means the global cybersecurity workforce must now grow at a staggering rate of 145% each year just to meet the growing demand for skilled talent. While there has been an uptick in universities offering cybersecurity degrees, that will barely make a dent in the workforce gap. CISOs will also need to work to address the cybersecurity skills shortage within their organizations, leveraging things like internal training, paying for certification courses, and establishing effective mentoring programs. A Forbes Insights survey commissioned by Fortinet found that CISOs are looking for more talent and need better training for employees. While this is taking place, they must also take care to consider how this gap is impacting the business as a whole, including their current employees.
It is no secret that understaffing can put pressure on those employees required to pick up the slack. This stress can result in decreased productivity and employee burnout, which can often lead to human error. Without a security team that is fully rounded out and able to work as efficiently – and effectively – as possible, organizations may face network intrusions, data loss, and reputational damage. And from a financial standpoint, businesses lose an average of $3.86 million when impacted by a data breach.
Why CISOs Need to Address This Challenge
The impact of the skills shortage is too powerful to ignore and requires intervention. This is where an effective strategy driven by the CISO comes in. The evolution of the CISO has expanded the role from being a technologist solely focused on managing an organization’s security risks, to also being a business strategist able to reach across organizational boundaries to shape and mobilize resources to enable things like secure digital transformation.
In today’s threat landscape, security solutions alone are no longer enough to withstand modern cyber threats. The expanding responsibilities of the CISO and the organizational impact of today’s cybersecurity skills shortage both play a critical role in the success of an organization’s digital transformation efforts and security strategies. While an effective CISO can provide essential guidance, a skills shortage can present uncertainties that can still adversely affect the productivity and morale of the security team – which can directly impact the overall security of the organization.
Taking Advantage of Current Talent
Of course, the skills shortage has made new talent difficult to find – which is precisely why CISOs must establish, or reinvigorate, training and education programs for their current employees., combined with an effective mentoring program to quickly bring entry-level team members up to speed. By investing time and efforts into existing team members, security leaders can actively provide more value to their organizations without having to rely solely on seeking new talent. Additionally, employees will gain new skills that will not only help them to do their job more efficiently, but also make them feel more confident while doing it.
There is no one way to handle cybersecurity training and education. Recognizing this, Fortinet offers a range of training curriculum through its NSE Institute programs, comprised of the NSE Certification program, Fortine
For CISOs to see success, they must start by evaluating their employee's skills, capabilities, and experience, identify where the most need lies, and then build custom programs that include internal and external training, the selection and mentoring of internal candidates, and then filling gaps through specific hiring strategies. While some may require an introduction into the basics of the threat landscape, others may have the background knowledge required to master complex network security concepts.