Our economy is taking an enormous hit and while cybersecurity professionals are weathering this storm better than most, the need for cybersecurity professionals continues to increase. In fact, from January through March 2020, the U.S. economy suffered one of its worst economic downturns since the Great Recession in 1929. The Federal Reserve is predicting an even worse second quarter as we all do our part to prevent further COVID-19 outbreaks.
As a result of our suffering economy, organizations both large and small will be forced to make tough decisions relating to their workforce -- and we’re already seeing the implications of these difficult decisions. According to the U.S. Department of Labor, 22 million Americans have filed for unemployment benefits since March 14.
The unknown has always been a constant factor for business operations but mix in a global pandemic and a recession, and you’re dealing with an entirely different set of unknowns. As leadership unpacks these decisions, they should also consider how teams can utilize internal talent throughout various departments, specifically filling in cybersecurity roles at a time when IT security defenses are needed most.
Look Within: Repurpose Internal Talent
Infosec practices, policies, and professionals are a must for the future of any business, regardless of size, especially during a time when business operations have gone virtual worldwide. Despite its importance, the massive skills gap in cybersecurity continues. It is widely reported and acknowledged that there is a global need for security professionals, with the International Information System Security Certification Consortium (ISC2) recently estimating that there are 4.07 million global security positions open and unfilled.
Instead of rushing to hire and onboard new talent during an unpredictable economy, organizations should first look at their internal talent and determine what skills can be repurposed to assist with the need for stronger cybersecurity. An example of a role that is highly skilled for these purposes are quality assurance (QA) professionals. The parallels in the type of work and synergy of skills between QA and infosec pros are strong. Members of both groups are intellectually curious, understand externalities, and are highly collaborative. Communication is also a critical component of both roles, so before outsourcing new talent, it’s possible a QA professional could become your next top performer in infosec.
The Resurgence of Outsourced Technology
Historically, examining significant events of the past 20 years, specifically, September 11, 2001 (9/11) and the 2008 global financial crisis (GFC) it is important to realize that both major events accelerated technology shifts. In the aftermath of 9/11, organizations achieved labor arbitrage through the use of offshore business partners. With the GFC, two technology categories clearly emerged as a need to manage and control CAPEX; open source software and server virtualization in the data center.
Fast forward to today’s COVID-19 pandemic, and it has become clear that many businesses can’t keep up with fighting against cybercrime — both from an infosec headcount and financial perspective. As a result, we can expect to see more organizations make the move to outsourced technology, specifically, to managed security services (MSS) as an effective way to help attain cybersecurity efficiency within budget. In fact, a recent report found that organizations that had a higher rate of cybersecurity maturity were more likely to use an MSSP to operate any aspect of its information security environment when compared to companies who were less mature in cybersecurity risk posture.
Organizations of all types want and need to be able to innovate safely and deliver value for their customers. As business models shift and change due to the impact of an uncontrollable pandemic, this need for innovation of core competencies will become a mandate. Another mandate will be the need to reduce the complexity and cost of fighting cybercrime. Marrying these two mandates means that security practices and functions will have to move to an MSS model in order to remain competitive.
As businesses move to focus on core competencies, a move to MSS is logical and practical. The need for infosec professionals will remain strong, the difference is the company they will work for. In the future, MSSPs will employ the majority of infosec professionals because it will be a trusted solution to decreasing the skills gap.
Sometimes, for the better or worse, technology shifts occur during times of need, and we are on the verge of such a transition. Times like these serve as a forcing function for issues that have yet to be solved, such as addressing the skills gap within cybersecurity positions or looking at which services can be outsourced to experienced and knowledgeable external professionals.
In these unprecedented times, companies should be creative, such as repurposing pre-existing roles or seeking the benefits of an MSSP. It may seem uncertain now, but we will make it out of this together and stronger – we are resilient!