After surveying over 800 senior IT and business professionals concerning their organizations’ IT spending plans and priorities over the next 12 to 18 months, ESG reported that: “Cyber security is one of the top areas of IT skills shortages.”
This is the seventh year ESG has asked senior IT decision makers about the areas in which they have a problematic shortage of IT skills and cyber security has topped the list each year. Specifically, more than half (53%) of respondents cite cyber security as an area in which they have a skills shortfall, and it’s important to note that the widespread skills shortage is appreciably higher than the next reported area of skills shortage, IT architecture/planning, at 38%.
“The on-going acute shortage of cyber security skills is about more than the large number of open cyber security positions, it’s also a function of the specific skills required to secure an increasingly complicated environment inclusive of mobile knowledge workers and the extensive use of public cloud services,” said Doug Cahill, Group Director and Senior Analyst for ESG. “In addition to higher education programs, advances in automation and machine learning to improve efficiency, and cyber security services are front and center in addressing this perennial cyber security challenge.”
As such, at last year’s RSA Conference Karen Worstell guided attendees through a unique exercise: walk around the room three times and each time take on a different persona. Attendees walked around once as themselves, once as someone from a demographic opposite of them, and once neutral (that is, projecting as little personality as possible).
The exercise was designed to introduce empathy, which is typically unfamiliar in a group setting, and the feedback from the diverse group was consistent: it’s exhausting walking around as someone you’re not. Yet, whether intentional or not, that is what is asked and expected of individuals in the business realm on a daily basis.
“That’s what we do in the cyber security world; we bring people in with a variety of backgrounds and expect them to take on a certain persona to fit in seamlessly,” says Worstell, founder and managing Principal of W Risk Group LLC. “And, that’s when energy levels and productivity drop drastically.”
At this year’s Conference, Worstell is taking her talent, diversity and inclusion focus a step further with a half-day seminar on Solving Our Cyber Security Talent Shortage, to be held Monday, March 4, 2019. The session includes prominent leaders from a wide variety of organizations working to combat this issue. At a time when the talent pipeline is strong, and when problem solving, innovation and productivity are at an all-time high, why are so many cyber professionals leaving the industry mid-career?
Additionally, Worstell will explore the percentage of women in the workforce, which is also contributing to the shortage.
According to Cybersecurity Ventures, “With 3.5 million cyber positions expected to be open by 2021, the question of ’how do we fill them?’ does not have a simple answer, and requires innovative approaches that include culture, inclusion, equity and diversity,” Worstell says. “Part of our message to cyber companies is: you’re in a talent war and turnover is costing you millions of dollars a year, so you need to be a talent magnet and retain them. To ensure all this amazing tech we have available actually sees the light of day, we have to solve this problem.”
Worstell’s goal for this session is that decision makers from companies on the cusp of addressing the talent shortage walk away inspired and take back tangible actions to their companies.
Advice From A CISO Leading The Charge
Emily Heath is United’s Vice President and Chief Information Security Officer. In this role, Heath oversees the airline’s global information security program as well as the IT regulatory, governance and risk management functions. She also serves as a Board member for the Aviation Information Sharing & Analysis Center (A-ISAC) and the National Technology Security Council (NTSC). She is also on the Board of Advisors for a venture capital firm, Cyberstarts, and is a Board member for the cyber security non-profit organization the Security Advisor Alliance.
Originally from Manchester, England, Heath is a former Police Detective from the UK Financial Crimes Unit where she led investigations into international investment fraud, money laundering and large scale identity theft cases, running joint investigations with the FBI, SEC and London’s Serious Fraud Office.
“Cyber and information security is such a complex function,” Heath recently wrote. “Security teams not only need to understand how their businesses run, but understand the technical landscape of their company’s infrastructure, applications and networks while staying up to date on the ever-changing landscape of security technology and threats. Additionally, they must align themselves with government and law enforcement agencies, understand how to investigate incidents, assess risk, dissect applicable laws, educate employees, communicate with board members and senior leadership within their companies and act as a liaison with external media, just to name a few functions.”
Heath believes that such a broad scope means cyber teams need a broad range of skills, creativity and diversity in thinking. “When you think about it this way, it stands to reason that cyber teams should be among the most diverse teams at any corporation, yet it’s staggering when you see that, on average across the U.S., only 10% of cyber security professionals are female and a mere 12% represent a minority group.”
Therefore, Heath will pull from her first-hand account of tackling this issue head on within United Airlines, leading to a significant increase in the size of her team, all while shrinking the diversity gap. Heath reported as of July 2018 that United’s security risk and compliance team “is now 48% female and 42% minority, represented by 25 nationalities and talented team members from a wide variety of backgrounds and experiences.”
“We’re proud to be leading the charge and smashing those norms and it is my personal hope that one day our statistics will themselves become the norm,” she added. Here are three things they did to put the diversity of the team up front and center:
- Openly and deliberately shared their mission with the entire team and made diversity and talent planning part of their goals.
- Made it mandatory for all hiring managers to have a diverse slate of candidates.
- Partnerships were another key part of their strategy, internally with HR and diversity and inclusion partners, and externally with nonprofit groups and colleges.
More Monday Highlights
There are three receptions in store for Monday, which are open to all passholders:
- The opening Welcome Reception will take place from 5-7pm in the North and South Expos.
- The RSAC Women’s Leadership Celebration Reception will be held from 4:30-6pm in Moscone South and will celebrate the contributions and rich history of women in science and technology.
- And for Conference newbies, the First-Timers Orientation & Networking Reception will help you navigate the week. It will be held 4:30-6pm in the Marriott.
The RSAC Innovation Sandbox Contest in the Marriott Marquis will take place from 1:30-4:30pm. Here, 10 finalists representing cyber security’s boldest new innovators will be facing off and delivering three-minute pitches demonstrating their groundbreaking security technologies.
At DevOps Connect: DevSecOps Day @ RSAC, you'll hear stories from DevSecOps practitioners explaining how they made the cultural transformation from legacy development and deployment processes to integrated systems that include security as a part of the process. This full-day series of first-person talks at Moscone South will give you a perspective on how you and your team can enable faster application development with more rapid deployment to production, while integrating security into your DevOps initiatives.
And of course, the new seminar titled Solving Our Cybersecurity Talent Shortage, during which you will hear from leaders addressing the cyber security talent shortage problem by driving innovation with culture, inclusion, equity and diversity. This seminar will take place from 8am-12pm in Moscone South.
Mixed with speaker engagement and Q&A sessions, the seminar will address these themes head on with topics such as:
- The Why: The DEI Divided
- The How: Retain and Recruit a Diverse Talent Pool
- The Who: Is This Responsibility Yours, Mine, or Ours?
Be sure to check back at CSHub.com over the next week with more highlights and ongoing coverage from the RSA Conference floor.