Security budgets are rising, but are they helping with challenges caused by the security talent shortage? This post offers insights from our recent security budgeting survey and shares ideas on how to deal with the security talent shortage in SecOps.
It’s no secret that there’s a shortage of talent in security. And it’s continuing to grow. Cybersecurity Ventures predicts that there will be 3.5 million open cybersecurity jobs by 2021.
Although organizations understand how important security is to the health of their businesses, it’s difficult to find the best and brightest to implement and maintain security programs. After all, the unemployment rate for cybersecurity is currently 0%, and is expected to stay there for several more years.
Cybersecurity professionals are in heavy demand. Conor Delanbanque, head of DevOps for MThree Consulting, recently told InformationWeek that the most sought after candidates are those who can develop CI/CD pipelines and also handle containers and their orchestration.
In our 2018 State of Security Budgeting Survey, 91 percent of respondents reported that they believe development is introducing risk to their organization. But is there enough staff to counter this risk? 66 percent agreed that their organization needs more help to find security staff capable of managing security products. For organizations using containers, 71 percent would like extra help.
In this post, we are sharing some ideas on how to cope with the security talent shortage in SecOps.
Allocate More Budget to Talent
In Threat Stack’s survey, we found that the average security budget is currently $651,260, and is set to increase by 19 percent in the next two years. Although security budgets are relatively healthy, much of the budget is being allocated to tools (most notably IDS/IPS and SIEM).
While many of these tools may help existing team members be more efficient (which is very important in a talent shortage), they may take away from funds that can go to hiring and retention efforts. Because there is a substantial talent shortage, it may be worthwhile to allocate additional budget to recruiting efforts, compensation packages, and retention plans for high-performing team members.
Hire for Talent, Not Tools
According to Delanbanque, one of the best ways to cope with the talent shortage is to hire for the way people think, rather than the tools they’ve used. “We want people who can work in high-performing organizations, who know how to break things on purpose to fix them and make them better,” he told InformationWeek.
Rather than hiring people with picture-perfect backgrounds, Delanbanque focuses on hiring problem solvers who can understand big picture concepts and learn tools quickly.
Michael Race, Head of DevOps at Salt Digital Recruitment, suggests hiring people with a genuine intellectual curiosity. He recommends finding candidates who have “a real intellectual drive about learning new things.” Hiring team members who fit this profile will ensure that they’re motivated to learn what they don’t know.
Increase the Efficiency of Your Existing Team
In such a competitive environment, it’s difficult to immediately find top talent who can positively impact your organization. That’s why it’s essential that you increase the efficiency of your existing team.
This means finding tools that can make your team more productive, as well as implementing processes that bake security directly into DevOps workflows without slowing teams down. For example, companies can use Threat Stack’s Cloud SecOps Program℠ to evaluate their current processes, develop new ones, and leverage Threat Stack experts as an extension of the existing team.
More Budgeting Trends…
The talent shortage is just one of the topics covered in our recent survey on budgeting trends in SecOps. Whether you’re satisfied with your current budget or would like it to grow to accommodate additional staffing, take a look at The 2018 State of Security Budgeting Report to see how your organization stacks up.