Faced with a perceived shortage of skilled talent, it’s time change the approach, distribute the workload, and get people to pitch in so we can focus on the valuable security work that demands our attention
At the Black Hat USA Conference in July, Tripwire surveyed 167 attendees to find out the one thing they would change to improve security:
- 44% would increase the number of highly skilled security professionals
- 32% would increase their budget
- 24% wished for executive buy-in to security goals and objectives (note the wording)
The desire for additional professionals matches other reports and claims for the last few years. It seems like the largest challenge to the industry and companies working to improve their security posture is a stunning lack of competent professionals able to do the work.
Be kind, for everyone you meet is fighting a hard battle. — John Watson
When in the trenches, overwhelmed, and burning out, the mountain looks insurmountable. The majority of the teams I work with start early, end late, and put time in on weekends. Most days are spent reacting and bouncing between meetings.
With that daily experience, the conclusion seeking more people seems reasonable. If only we had more skilled professionals, more budget, or more buy-in, everything would be okay.
We don’t need more security professionals. We need to distribute the workload, shifting responsibility to others to free up resources to tackle new challenges. Ultimately, those new solutions get pushed out to others, too, in a natural, healthy cycle. Adopting an approach like this means the security team can prioritize and focus on more challenging (and interesting) issues, increasing the value provided to the organization.
Read my suggestions at: How to fix the looming shortage of skilled security professionals