See Yourself Succeeding in Security

by Gary Alterson, Vice President, Security Services, Rackspace Technology

See yourself in Cyber

 

Cybersecurity Awareness Month, held every October, is a government-private sector collaboration to raise digital security awareness and empower everyone to protect their data from bad actors. The month is dedicated to creating resources and communications about online security for organizations to share with their employees and customers.

Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact, co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA), with the overarching theme for 2022, “See Yourself in Cyber.”

Today, companies face multiple challenges in keeping their data secure, including a worldwide shortage in security expertise. Yet, with the ever-increasing rise in the number and severity of cyberattacks, leaders of most organizations support greater investment in cybersecurity processes, people and technologies.

When it comes to recruiting, the challenges can feel insurmountable. Every company is vying for the same small pool of security experts. Skilled security workers are not only in demand, their salaries are skyrocketing.

The Rackspace Technology® Cybersecurity Annual Research Report 2022 found that cybersecurity outranks other serious issues confronting the business world, including runaway inflation and chronic supply chain bottlenecks.

What does “See Yourself in Cyber” mean?

The theme of the 2022 Cybersecurity Awareness Month is See Yourself in Cyber. This is to encourage talent to join the technology industry and become a part of the cybersecurity field.

Currently, the two most common tactics for expanding the talent pool, include:

  • Recruiting students right out of school. However, it takes time to cultivate emerging talent to the higher levels of expertise needed in today’s challenging environment.
  • Recruiting on the open market. This is the process of seeking to hire talent away from other technology companies (aka, “poaching”). The most sought-after employees have a strong technology background and experience as a security architect, analyst, penetration tester or security leader.

For those interested in moving into the security field, there are several key areas in the most demand, including:

  • Security operations analysts
  • Threat analysts
  • Attack triage responders
  • Security technology managers
  • Penetration testing specialists
  • Security management experts

Cloud expertise wanted

One of the fastest growing areas in security is cloud security. It includes a starting-point question: "How do I build a secure cloud environment?"

Anytime you’re building an on-premise environment, there will be multiple factors that organizations need to consider, including:

  • Identity and access management
  • Zero Trust, the “never trust, always verify” area of security
  • Application security
  • Event detection and response

Meeting these requirements demands a high degree of automation, development and compliance experience.

Securing your environment despite talent scarcity

In our cybersecurity research survey, 54% of technology leaders confirmed that confronting the difficulties in hiring and retaining IT talent remains a major challenge. This leaves companies between a rock and a hard place. After all, how to you deal with the cybersecurity challenges if you can’t hire enough qualified security experts?

It becomes a two-fold solution for many organizations: Tooling and automation will help, but also leveraging consulting and managed services, which offer contracted access to a large talent pool, matters.

I've spoken with several companies around the country who hang on to the belief (pipe dream?) that they’ll be able to lure top security talent away from today’s largest technology brands. This is their firm stance despite the fact the big tech firms, based on both coasts, are willing to pay far more for security professionals than inland companies can afford. So, good luck with that strategy, I say!

Let’s be practical here — it makes much more sense to rely on service providers who can supply skilled, dedicated security people and proven security strategies. They have already built strong security teams and can deliver a skilled and cost-effective way to meet security staffing needs.

Quality and brilliance go hand in hand

We are working in an industry where quality matters. You could spend a lot of money in certain areas —and still not be successful.

To avoid mistakes and wasted investments that don’t pan out, organizations need to take a hard look at what level of quality they can bring to the security table internally — including quality expertise, data, detection and response, and controls.

Achieving the level of quality that will be needed going forward in security will mean changing everything — from company processes to quality controls. And when you move to the cloud, you’ll need to make quality-driven decisions about what you automate, how you automate and where you automate.

The best way to gain what you need in terms of security talent is to go where it already exists and is readily available to tackle your immediate and long-term security needs.

 

Gain more insight on how a third-party security team can make your security posture more effective now and in the future.