| |March 20189CIOReviewIn order to be prepared for the anticipated increase in security breaches, organizations need to vigorously upskill existing employees must find a solution to the cyber security skills gap. Upskilling is a viable option, but an option that has to be weighed against the potential loss of the most developed employees.Considerations surrounding Cyber-security upskilling The inclination of IT profession-als to move into IT security pre-sents a great opportunity for or-ganizations to upskill existing IT staff. This would help lessen the burden on organizations in terms of the number of new IT secu-rity experts they need to recruit. If organizations are amenable to putting employees with an inter-est in IT security through certifi-cations such as CISSP (Certified Information Systems Security Professional) and CISM (Certi-fied Information Security Man-ager), both the organizations and the employees will be better equipped for the future.So, how does an organization optimize the practice of upskill-ing for its IT security employees?Firstly, an organization ought to re-examine its workforce strat-egy. Does it know what skills it requires in the foreseeable future to operate a successful security program? Organizations must realize that skills and experi-ence can come from a variety of sources, and adjust their hiring strategy accordingly.Secondly, organizations need to improve their outreach and engagement. Organizations must think beyond the usual career fairs and recruitment plans of the past. There is a pressing need to develop other educational pro-grams and to start building a firm recruiting base. It is impera-tive to build a local cybersecurity ecosystem by connecting with government organizations, edu-cational institutions, and other concerned groups. Thirdly, it is important for organizations to have a robust support program for employees. Mentorships, rotational assign-ments and other such opportuni-ties help cybersecurity employees gain experience and learn. Or-ganizations now need to keep employees involved by grant-ing them the creative freedom to work on different projects and discover new technologies and services.Finally, there needs to be an emphasis on continuous learning and upskilling. Numerous on-line courses on cybersecurity are available today and organizations should leverage them to upskill employees in a flexible and cost-efficient manner. A field as dynamic as cyberse-curity requires constant education and exploration. Organizations ought to also be open to employees from other areas of their business who express interest in cy-bersecurity career paths.There is an indication these days that the industry is responding to the shortage of skilled cyber security professionals by upskilling existing staff. It is also encour-aging to see the number of IT profession-als who wish to transfer into cybersecuri-ty, which could help bridge the skills gap. In order to be prepared for the anticipated increase in security breaches, organiza-tions need to vigorously upskill existing employees, and also educate all other staff in the organization as to the importance of security. Ravikumar Sreedharan
< Page 8 | Page 10 >