Hiring more ‘people’ is top of the list of needs to improve security in businesses this year, according to findings from Tripwire.
The firm surveyed 108 pros at Black Hat USA last month and revealed that more than two-thirds (70%) of respondents who said ‘people’ consider hiring ‘experienced professionals’ as a priority whilst 30% said that they were willing to hire inexperienced individuals and train them on the job.
Organizations are clearly still struggling to cope with a lack of staff amid the ongoing cyber skills gap, something that looks set to continue over the next few years. It is therefore not a great surprise that companies see bolstering workforces as key to strengthening their security.
“I think this is an acknowledgement that technology will never solve the problems we face,” Adrian Davis, managing director EMEA, (ISC)2, told Infosecurity. “Security is people and is about creating processes, mind-sets and environments where individuals can work to their best in a secure manner (often without realizing it). People are essential to creating these processes, mind-sets and environments and it is these that have a much higher impact than technology.”
Therefore, as Nigel Harrison, acting CEO at Cyber Security Challenge UK explained, it’s encouraging to see that almost a third of companies would consider taking on less-experienced staff and giving them the training they need to succeed.
“In my experience, when looking at job adverts, companies quite often end up over-specifying the qualifications that they expect their security team to have at the outset,” he said. “Indeed, there have been many cases of companies advertising entry-level roles and demanding qualifications which cannot be achieved without a number of years of experience in the industry.
“The key skills that companies should be looking for from those that they hire is aptitude and mind-set; if an individual has these traits then the rest can be taught.”
Davis echoed similar sentiments, stating that only by expanding the talent pool and looking beyond the ‘experienced professional’ will the industry be able to meet the demands placed on it and grow for the future.
“Additionally, this gives us the opportunity to recruit across a wider group of individuals and experience, expanding our knowledge base and bringing in new ways of thinking and tackling problems,” he added.