How Can Businesses Close 'The Cybersecurity Gap'?

Companies can't find enough qualified security personnel, and fixing it requires "a fundamental shift in how businesses recruit, hire, and keep security talent," according to a VentureBeat article by an Intermedia security executive: The trickle of security students emerging from post-secondary schools may not be fully prepared to tackle complicated security issues -- what we need are people who can protect businesses environments from everything from spam and BYOD vulnerabilities to complex threats like APTs and spear phishing. Second, certain companies may not know what to look for in a professional. Third, when skilled professionals are hired, they can often be overworked to the point where they don't have the time to keep up with the latest developments in the field -- and even in their own security tools... The fundamental problem facing the skills gap, however, is that there aren't enough people coming into the field to begin with. Here, companies need to do two things: step-up their advocacy when it comes to promoting cybersecurity careers, and look internally for employees who have the skills and desire to take on a security position but need the training and support to succeed...

Finally, businesses need to recognize that security threats today go well beyond just one department. Every employee should be responsible for knowing what to look for in an attack, how to report a suspected threat, and how they can simply disengage from content and files they deem suspicious. Basic security training needs to become a part of the onboarding process for any employee -- especially for those in the C-Suite, where a greater number of spear-phishing attacks occur.
The article also cites a study which found "about a quarter of all cybersecurity positions are left unfilled for about six months."

More H1B's anyone?

[johanw]

It doesn't matter if they know nothing, as long as the manager gets his bonus and is gone before the fallout of their crappy work becomes clear.

Re:More H1B's anyone?

[swb]

My first thought was how can businesses possibly be considered to taking IT security seriously when their first and only impulse is how to do things even cheaper than they do now?

I'm still amazed at the dichotomy between shaving pennies and then the utter panic when there is downtime or a security breech. If its so important that you basically can't do business without properly functioning IT systems then why is it treated as if they don't want to spend money on it? Do they really think it's free?

H1Bs are of course just one example of this mindset.

Re:More H1B's anyone?

[phantomfive]

When was the last time your agile sprint gave you time to look for security problems?
When was the last time any manager told you to look for security problems?

That's why we don't have secure software.

I have the answer and it is a SIMPLE answer.

[Lumpy]

Want to close the Cybersecurity gap? It is very easy.

STOP BEING CHEAP ASSHOLES AND START PAYING FOR REAL SKILLED IT PROFESSIONALS.

This means the IT department on it's own Makes MORE than the CTO does. Yes the guys that are actively fighting the bad guys deserve a LOT more than the waste of space in the executive seat. Quadruple your IT budget, Start actually buying real fucking equipment and real security suites and software. Hire PROVEN EXPERTS that cost a lot of money.

InfoSEC that is effective is NOT CHEAP. Stop treating IT as the bastard red headed step kids. and start treating them as the Mission Critical staff they really are.

That and kick the CTO and CFO in the nuts, both those assholes deserve a good hard kick in the groin any time they suggest cutting the IT department's budget. If you hire and pay for the best, then you don't have the security problem that the companies that try and half ass it by paying as little as possible.

These executives know this, they just dont want to do it. and until they start making executives personally responsible for data breaches, it will not change. Yes personally responsible, if these assholes can get multi millions then they also deserve to carry all the personal financial risk.