Safeguard IT security expertise – before, during and after employment

There is today a palpable shortage in competence and resources within IT and information security. A survey commissioned by the Swedish IT and Telecom Industries trade organisation shows that there now exists a deficit of 30,000 IT experts in Sweden, and that this figure continues to grow. One major reason for the growing demand for IT and cyber security personnel is the increasing number of cyber attacks, connected devices and the vulnerabilities brought to light by digitalisation in general. We face then a significant challenge in the future, as we need more people with the right IT security competence than are currently available.

  • Another interesting issue touched on recently at the world's largest IT security conference, RSA Security Conference, is the lack of diversity in the cybersecurity industry. The industry is currently tilted towards technology and technological expertise. This largely attracts men, which has led to the industry gaining an overwhelmingly technologically-centric and male profile. At the same time, we see that the softer aspects, such as awareness and security culture, are gaining traction and requiring ever more focus from us in the industry. Traditionally, this could be seen as an area which should attract more women, and which also demands different types of competence than "only" technology.

So – how can we in the industry help to increase the number of experts, improve diversity and create a better delivery capacity and innovation within cyber security?

When we talk about cybersecurity in the context or organisations, personnel and access control, we consider three stages: before, during and after employment. Or joiners, movers and leavers. Can we think along the same lines when it comes to what we need to safeguard growth in our own industry and set better targets for ourselves?

Joiners/Before:

  • Recruit the right attitude to a larger extent than the right competence. For example, we would like to have employees who share our vision to contribute to a more secure society.
  • Formulate advertisements and offerings on the basis of what we want to achieve from a wider perspective, not just on the basis of a specific person's or role's competence. Aim to create a team which can work together to deliver what you require, but perhaps from different combinations from what you would normally expect. Doing so can help you to attract new, differing competences which create novel opportunities.
  • Recruit with the support of a long-term personal development plan which follows the company's strategic development. Give the individual a vision and targets in conjunction with employment which do not solely relate to competence.
  • Think outside of your own organisation. Create, for instance, an exciting trainee programme together with customers, partners, competitors and end users.

Movers/During:

  • Place your faith in employees and give them the opportunity to affect their own and the company's development. Create leeway for experiments, innovation and development through:
  • Thinking about cybersecurity in new ways to ensure employees' and the industry's continuous development.
  • Working with new types of business model which enable the potential for further development.
  • Close cooperation with other parties.
  • Diversity breeds creativity. Combine different types of competence, services and models for a more stimulating working environment and innovative offerings.

Leavers/After:

  • Be happy that your employees are employable and desirable. Their next job may be as your customer or partner. We are all needed to create a more secure digital society.
  • Make sure that they continue to spread the vision and culture that they have been a part of.
  • Create alumni networks to maintain social and professional contacts.

Finally, I read a fantastic quote from Dr. Jessica Barker: "A lot of industry professionals wear their 20-30 years of industry experience as a badge of honour, and so they should, but the problems haven’t been solved in the past 20-30 years. So we do need fresh perspectives and new ways of thinking. That experience needs to be combined with new talent and new perspectives."

That quote hits the nail on the head. Last week Jessica addressed the attendees of Paranoia in Oslo, along with several other inspiring speakers. A shining example of an exciting arena where we in the industry can meet, grow and exchange experiences.