The information security advocacy group ISACA predicts there will be a global shortage of 2 million cybersecurity professionals by 2019. Most companies already feel this pain, some more than others, and lack a skilled cybersecurity team.
To deal with the tech workforce shortage, IBM is investing $1 billion into creating “new collar” jobs. These jobs prioritize skills, knowledge, and willingness to learn over degrees or work history.
“Critical technologies like cybersecurity, artificial intelligence and cloud computing are pushing the limits of traditional job recruiting, forcing employers – especially in the technology industry – to shift mindsets and explore new sources of talent to address our clients’ needs.” The tech industry is evolving, it’s about time hiring evolved with it
One foundational aspect of every cybersecurity program is Identity Management and Access Control. Identity & Access Management (IAM) is the control of who, what, and how users can access an organization’s data and systems.
Considering that the majority of data breaches are caused by improper access or mishandled credentials, it’s imperative for companies to build a skilled, in-house Identity & Access Management team.
Hiring a seasoned, experienced IAM consultant can be challenging. However, that pales in comparison to the difficulty companies have when building out their internal Identity Management teams. Why is it that so many organizations find it nearly impossible to locate and hire full-time IAM professionals?
The reality is that IAM/IdM is a relatively small, technical community, and the technology landscape changes quickly. Finding someone who’s a good fit for your organization and who has years of experience with your chosen IAM platform is a very tall order.
It’s not impossible to build a great in-house Identity Management team but it might require a different approach in your company’s hiring and training strategies.
I’ve found that organizations with great IAM teams share common traits and follow these actions:
1. These companies make sure their people are heavily engaged whenever outside resources are doing implementation work on their IAM systems. In many cases, these companies use the experience of an IAM implementation project as training for their teams.
2. They work with highly experienced outside experts to develop and document an IAM strategy and create a roadmap to reach those goals.
The strategies and roadmaps are refreshed regularly by asking questions like: Is this still the direction we want to take? Are we meeting our milestones along the way?
During these exercises, the entire team is included so everyone becomes familiar with why the organization is taking this course. These companies treat workshops as learning opportunities for staff.
3. These companies utilize all the training their platform vendors offer. They work with outside experts to develop training for their specific environments.
4. They encourage and provide opportunities for their people to develop ongoing relationships with peers in other organizations.
5. They understand their limitations and seek help early and often.
Since hiring someone with the skills and technical experience needed can be a longshot, the best approach is to identify people already in your organization who have the capacity and attitude to grow into this role.
“Some characteristics of a successful cybersecurity professional simply can’t be taught in a classroom: unbridled curiosity, passion for problem solving, strong ethics, and an understanding of risks.” Cybersecurity Has a Serious Talent Shortage. Here’s How to Fix It
Provide training for them at every opportunity. Build relationships with outside IAM experts who can provide mentoring and coaching. If coaching is not offered by your IAM services partner, perhaps it’s time to find a someone who can meet your company’s requirements.
Subscribe to our newsletter and follow @Idenhaus on Twitter.
Photo credit: Flickr
By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Click here to contact us
