[ This article was originally published here ]
spoiler alert: The obvious answer is not always the correct one!
The migration of services, applications and data to the cloud is both promising and challenging. The benefits of scalability, flexibility, reduced operating costs, and support for a hybrid workforce can be wiped out by cloud security challenges and the talent gap. Those two challenges are closely intertwined, as numerous surveys have shown.
For example, it indicates that:
- 93% of organizations are moderately to extremely concerned about the massive skills shortage of qualified cybersecurity professionals.
- 57% admit that this lack of staff experience makes cloud compliance a challenge
- 56% of respondents believe that cloud security capabilities are the most essential talent for their organizations.
However, the problem is not just a matter of a lack of knowledge to securely manage and configure multiple cloud platforms. It is also a matter of bad hiring practices. Organizations often don’t understand what they’re looking for, resulting in hiring mistakes. Cyber security job descriptions are often criticized for having unrealistic demands when hiring new employees.
According to recent data from the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG), 29% of professionals surveyed said their HR departments are likely to lay off candidates unqualified because they lack essential cybersecurity capabilities. And 25% reported that job openings at their companies tend to be unrealistic and require too much experience, certifications, and technical skills.
“Job descriptions need to get better. They need to focus on the right things; they can’t ask for 10 years of Kubernetes experience when the platform has only been around for six years. There are numerous examples of these job descriptions containing such nonsense.” , corporate information security officer and public speaker on cybersecurity.
The problem can become even more perplexing because HR departments typically hire based on qualifications, not aptitude as well. As cloud technology evolves, security professionals are investing time and money to improve their skills. Many of them are self-taught, demonstrating the aptitude necessary for success even though they lack specialized certificates. Even if a candidate has years of experience in the field, her application could be rejected if Human Resources does not believe she has the necessary qualifications. But could helping employees on their journey to gain the necessary qualifications open up the talent pool?
All the facts indicate that organizations should consider changing their tactics to effectively support their organizations. Requiring five years of experience for an entry-level position won’t work, nor will a box-checking exercise that requires certain qualifications up front in an industry where new threats require ever-evolving skill sets.
In it, Alyssa Miller explains how a barista might possess the necessary skills to succeed in a cybersecurity career. “Much like a barista, I’m looking for someone who is adept at synthesizing many inputs into jobs, then prioritizing and carrying out those activities. That’s what I ask of a SOC analyst,” she says.
This will require a change in perspective regarding hiring. Companies cannot assume that experienced cloud security professionals will appear out of nowhere and collect a starting salary. Companies need to recognize that they need to start recruiting people early in their careers. They may have less experience, but they are willing to learn and will become a valuable investment in the company.
By broadening the search for cybersecurity personnel in this way, organizations have a greater chance of diversifying their workforce. Fair . Companies that emphasize creating a fairer, more diverse and empowering workplace could reverse this trend. Diversity can help improve cybersecurity for everyone by bringing different perspectives and considerations into the room.
In addition to looking for attitude and diversity, it is also time to rethink your recruitment strategy and how to make it more attractive and striking. “Tweaking job postings and presentation to make your team look inventive and modern can attract more qualified people,” Gartner Research Director.
Part of making a job opening attractive is determining the basic criteria for the position and just listing them. Requiring intermediate to advanced certifications in cloud security for junior positions would lead to open positions and unhappy understaffed teams.
Finally, it’s always a good idea to look for candidates within your organization. Look for people outside of IT whose skill sets could be beneficial to your team or “refocus” people from other IT specializations. When external talent is hard to discover, it may be preferable to develop internal talent. This can be accomplished by providing professional development opportunities or funding new certifications and courses.
HR teams can play a very important role here by challenging and supporting organizations to consider a broader pool of candidates.
Due to the rapid evolution of technology, the continuous development of talent is essential. Individuals have the opportunity to learn and advance their careers by adopting a robust training and refresher program, while organizations can gain a competitive edge in the industry by nurturing internal talent or attracting new talent with a rewarding training program. .
If companies want to retain security experts, they must offer opportunities for advancement and skill development. Offering these skills upgrading and upgrading opportunities will also build experience, eliminating the need for recruiters to search for it initially.
In addition to improving their vendor-specific technical skills, organizations should invest in expanding their expertise in cloud security frameworks and procedures. This is the added value of vendor-agnostic certifications in cloud security, such as . The purpose of these certifications is to ensure that cloud security team members stay current on cloud technology. Professionals will study techniques, procedures, and programs that focus on technology rather than specific vendor platforms, enabling them to be well-rounded and effective cloud security professionals and an asset to their organization.
If you’d like to learn more about how to avoid the most common mistakes when hiring cloud security professionals, and how (ISC)² can help you develop your technical skills, download our white paper “.”