All infosec teams have been under huge pressure lately and good CISOs acknowledge that and look for ways to help staff handle the stress
Mark Ward, Senior Research Analyst at the ISF
When the COVID-19 pandemic hit in March, cybersecurity priorities changed nearly overnight. Instead of trying to protect employees and data within the confines of corporate offices, workers scattered to remote and home offices, taking devices with them and trying to connect to corporate networks with less-than secure connections.
Despite these challenges, there’s hope among security professionals, especially CISOs, that 2021 could jumpstart a change in cybersecurity. For cybersecurity experts, technologists, and executives, now is the time to prepare.
Tech Skills Vs. Soft Skills
For many in the cybersecurity field, the types of skills that security professionals need next year will break down between “hard” technical ones and “softer” people skills that can prove beneficial when working with other teams or communicating with C-level executives.
Rick Holland, CISO and vice president at security firm Digital Shadows, noted that even with increases in budget, security leaders and their organizations will not be able to recruit and hire their way out of the cybersecurity skills gap.
In addition to hiring cybersecurity talent with the right technical and people skills, Mark Ward, a senior research analyst at the not-for-profit Information Security Forum, believes that CISOs also need a management team to help execute on security plans for 2021.
ISF recently published a study on CISO priorities for 2021, and Ward notes that the analysis showed that security leaders need to hire deputies who specialize in three areas: incident response, contract management and human resources.
Incident response skills are needed to help blunt the effects that the pandemic has had on cybersecurity, as well as help organizations become more resilient to threats. This includes attacks from the outside or insider attacks that can result in breaches and other issues.
Contract management is another key, as organizations rely more and more on third-party suppliers that might not have the same security standards and need close monitoring and supervision.
Finally, human resource skills will matter as managing and securing remote workforces becomes more stressful and security teams increase their workload.
“All infosec teams have been under huge pressure lately and good CISOs acknowledge that and look for ways to help staff handle the stress,” Ward told Dice. “It’s an area few CISOs are good at naturally, so having a deputy or senior manager who is familiar with these issues ensures staff can cope, get the downtime they need and will aid retention. New security folks are hard to find and expensive to employ—far better to do well by the ones already in place.”