Bytes Cyber Journal: Entry 9 - Addressing the Cyber Security Skills Gap

Friday 20th September 2024

 
Toby Noble
Cyber Security Solutions Lead
Author
 
Georgia Moore
Marketing Executive
Editor

Addressing the Cyber Security Skills Gap

Finding a force multiplier for your business

 

With the latest figures indicating a shortfall of 4 million people in the cyber security industry, it’s proving harder than ever to find and retain talent. The industry has a monumental challenge on its hands to address this concern, from attracting more diverse crowds into cyber careers, to educational reform in schools, colleges, and universities.

In this blog, however, we won’t be looking to boil the ocean. Instead, we will review the real impact this is having on organisations like yours, and the steps you can take to maximise the resource you already have, alongside discovering allied resource that will bring new skills and capabilities to the table.

 

The Challenge

In addition to the talent shortage, we’re seeing the compounding result of CISO burnout, with 88% claiming to be under moderate to high stress (Nominet).

According to a recent study from PwC, the average job tenure of a CISO in 2024 is just 26 months.

On top of this, the vast majority are still experiencing shortcomings in budgets being aligned to cyber security projects.

This all makes for a challenging landscape, and in recent years cyber security professionals have had to get creative to keep their heads above water. With budgets being scrutinised more than ever, and technologies typically implementing annual price increases, organisations are having to do more with less. In the context of the cyber security skills gap, budget is also a considerable factor, as organisations look to pay competitive rates for top talent. Retention is a cause for concern as well, as larger organisations offer more competitive packages and training programmes for career development.

 

What To Do Next

It's not all doom and gloom. There are ways and means to combat this while governments and enterprises address the systemic issues at hand. Here are three areas to consider:

Managed Services

The vast majority of companies around today, perhaps yours included, cannot sustain 24/7 monitoring of their own networks. It’s a costly exercise at the very least, and that’s if you’re lucky enough to find the qualified individuals to facilitate it.

When thinking about managed security services there are usually at least two ways of moving forward.

Vendor-led services:

Depending on the area of security, vendors are often able to provide managed services of their own products for you, for an annual fee, usually wrapped up into your license purchase or renewal. The upside to this approach is that you can consolidate the purchase into one (potentially existing) contract, with no need for additional legal reviews, NDAs, or financial agreements. There is also an assumption here that no one would know the technology better than the vendor themselves, right? So who better to manage the solution for you?

The downside to this approach is when you’re looking for a more all-encompassing managed service. If this is more appropriate for your organisation, then the recommendation would usually be to consider third-party managed services.

Third-party managed services:

This can be a great option for organisations looking to detach service provider from license provider. Third parties have the potential to provide a wider breadth of knowledge of security solutions and the security market, and often are recommended by vendors themselves to take on the managed services of their solutions.

Bytes are a prime example here. If we were to look at network security technologies like Check Point, for example, we’re able to offer straight to 3rd line engineer support through our SPARC service and can resolve the vast majority of issues without having to back off support to the vendor at all.

Technology Rationalisation

Cyber security tech companies are on board with assisting you to do more with less. Many are investing and developing in the direction of a ‘platform play’, making a notable shift away from the prominence of point solutions that we saw coming out of the 2010s. We are seeing further enhancements from vendor integrations too, which lend themselves towards consolidation and collaboration between technologies. My colleague, Ross Kirkland, wrote about this subject through the lens of Zero Trust:

Bytes Cyber Journal: Entry 3 - Unlocking the Power of Consolidation & Collaboration

This can be a valuable strategy to free up time for your security team, resulting in fewer system management overheads, less contract complexity, and greater familiarity with the toolsets in use.

Build Vs Buy

Building out your own team has all the challenges previously mentioned: a limited talent pool, an aggressively competitive market, all resulting in retention issues.

Engaging with a partner enables you to hit the ground running with a team of seasoned experts.

Often, service providers have a minimum threshold on years of experience for their team members (usually 5 years), so you can feel confident that you’re in safe hands.

If building out your team or the capabilities within your team is more suitable for you, we often find that technology vendors have their own online learning platforms (or universities, but you won’t get a degree out of them!). These can be a great way of skilling up your team in your core technology stack, and access to these platforms, usually paid for, can often be negotiated by Bytes into contract terms at the point of purchase or renewal.

Direct Action

If you are looking for inspiration on how to get directly involved in tackling the root cause of the severe skills gap we’re facing, then Tech Channel Ambassadors provides an excellent example (Tech Channel Ambassadors | A Community Interest Company). TCA are a community interest company that look to intervene and educate at primary and secondary stages of education, with the goal to close the skills gap by 100,000 individuals.

By informing at this early stage of students’ lives, TCA aim to dispel the myth that you must be a world-class coder to get into technology, whether operating in End User companies, engaging at vendor organisations, or operating anywhere in between in the vast channel ecosystem.

How Bytes Can Help

In this blog we have covered off a few angles to address the challenging landscape of the cyber security skills gap. If it is an area of concern or something on your roadmap to address, Bytes are here to help.

For managed services, it’s important to find the option best suited to your organisation, whether vendor-led or third-party, and to find the right partner, such as Bytes.

Through various engagements with Bytes, such as workshops in specific technology areas, or broader security assessments, we can help you make the right choice.

Technology rationalisation is a part of everyday conversation for the Bytes Security Specialists and we’re eager to help you maximise your existing investments, while making you aware of the most effective ways to plug any gaps left behind.

Thank you for reading.

If you have any questions, or would like to learn about any of the content covered in this blog, please email our friendly team via [email protected]

