Why you can’t find a good CISO for love or money (but we have a solution…)

Are you one of those poor firms out there trying to hire some in-house cybersecurity expertise? Whomever you’re looking for – be it a senior representative, like CISO or CTO, or an IT administrator – we bet you’re having a hard time.

Even firms like TBG Security, where we can offer cutting-edge expertise, training and tools as well as a competitive remuneration packages, have to look really hard to find serious cybersecurity talent.

Want to know you are having trouble landing great cybersecurity talent? It’s dry out there folks. When it comes to cybersecurity expertise, the proverbial talent pool is critically low on reserves.

And of course the pressure is on. More regulatory bodies are demanding that firms organise proper cybersecurity defenses and counsel, adding to the pressure to find good talent fast.

Research findings

New research from ISACA in volume 1 of State of Cyber Security 2017 finds that many firms out there are frustrated with the search.

Among its key findings highlighted in the ISACA reports:

• More than a quarter of enterprises say it takes six months to fill cybersecurity positions.
• Around 60% of enterprises get at least five applicants per cyber security position, but most applicants are unqualified.
• More than half of the enterprises see practical hands-on experience as most important.
• Enterprises consider personal endorsements and formal education to be the least important cyber security candidate qualifications.
• Close to 70 percent of enterprises require applicants to have security certifications.

This is not good. An average six-month search to land an average of five applicants, most of whom are unqualified? Depressing. 

And the future is looking bleaker still. Just last week, The Center for Cyber Safety and Education said that by 2022, there will be a shortage of 1.8 million information security workers.

A solution to the cybersecurity hiring problem

OK – so we need to provide some alternatives here.

• Outsource your cybersecurity responsibilities. Find a reputable security consultancy. When it comes to securing systems, people and data, many companies just don’t have the proper expertise in-house. Poor implementations costs time, resource and money, and can still leave you vulnerable to digital attacks. Even if you need IT security consulting for a specific project only, it is worth bringing in the experts.
• Train existing staff on cybersecurity. Even if you outsource your cybersecurity responsibilities to an expert third party, we strongly recommend that someone internally start to receive cybersecurity training. As the shortage is predicted to last for decades, you’ll be in better stead than your competitors.
• Understand your responsibilities. Even if you do not have proper cybersecurity counsel on hand, your organization and its stakeholders can be liable for not providing adequate protections. Make sure you are familiar with federal, state and industry-specific regulations.

Introducing TBG Security’s CISO on Demand

TBG Security’s CISO on Demand offers clients CISO services on an as-needed basis. Our CISO on Demand team is made up of experienced, senior IT security professionals with in-depth business knowledge to scope, assess, test, communicate, manage and implement your organization’s security policy.

Services include:

• Creating or updating the IT Security policy
• Managing IT risk against business goals
• Meeting regulatory compliance
• Reducing overall risk posture
• Securing sensitive data
• Cybersecurity training
• Implementing services such as Splunk
• Providing regular stakeholder-ready reports

For more information on how TBG Security can help your organization with your information security initiatives please visit https://tbgsecurity.com.