Corporate cybersecurity teams struggle to fill jobs

70% of nearly 11,000 cybersecurity professionals and decision makers surveyed by (ISC)2 say their companies lack effective cybersecurity staff. Nearly half said their teams didn’t have enough time to conduct a proper risk assessment and that there were oversights in certain procedures due to staff shortages, according to data released Thursday.

(ISC)2 chief executive Clar Rosso says this year’s economic pressures risk some companies seeing cybersecurity as a cost rather than a key to protecting their business. says. “We need to move to a place where cybersecurity is seen as a strategic imperative,” she said.

While the cybersecurity workforce shortage continues to grow, the number of people working in the region has increased by nearly 11% globally over the past year, adding a total of about 464,000 new professionals (ISC) I got it in 2.

Farid Illikoud, chief information security officer at French sportswear and equipment retailer Decathlon SA, said compensation could be a barrier to filling cyber jobs. “Cybersecurity professionals know how much we are worth in the marketplace. They also know how hopeless we are as a company,” he said.

Decathlon has become more flexible and creative in its search for cybersecurity staff, hiring 26 employees last year and more than 30 so far in 2022, Illikoud said. Last year, a store manager in Spain with no cybersecurity experience reached out to Iricoudo for advice on how to enter the space. The company paid for the evening classes and hired her as a cybersecurity officer to manage the four, he said.

According to Rosso, one silver lining of the recession is that companies may be more willing to hire and train entry-level cybersecurity staff.

Regulatory requirements may force companies to invest more in cybersecurity, Rosso said, citing a report from the U.S. Securities and Exchange Commission. Recent suggestionsThe draft includes requiring companies to disclose which board members have cyber expertise.

Many corporate cybersecurity leaders hire staff from other internal teams and provide specific training as needed.

“Maybe you can find a good engineer and teach them,” says CISO Steve Pugh.

intercontinental exchange Ltd,

It operates the New York Stock Exchange.

Hiring cybersecurity professionals is a long-term game, Pugh said, and efforts to expand its talent pipeline could pay off years later. We started working with a non-profit organization based. This non-profit organization trains people from non-traditional backgrounds in technology and cybersecurity skills. The company hired three of his students who came from home cleaning and physical security jobs and finished the program. “My dream is for one of these students to one day be his CISO,” he said.

Employee training requires companies to invest time and support, and many struggle to keep up. His 38% of professionals surveyed by (ISC)2 said their teams didn’t have time to train new hires because of a manpower shortage.

Businesses, in particular, have struggled to hire experts for technical roles in security engineering and cloud security, said Ben Aung, CISO of an accounting software company.

sage group

PLC.

“A year from now it will be worse than it is today, it will be harder than it is today. We will all be chasing the same mid-level veterans,” he said.

At an investment management/insurance company

Principal Financial Group Ltd,

According to CISO Meg Anderson, several members of the cloud security team have moved out of the company’s technology group. Employees on the Principal’s technical team have shown more interest in moving to cybersecurity than in the past.

Anderson said she has adapted to the demands of job seekers since the pandemic. Principal Cybersecurity About 43% of his team is now working remotely, up from about 20% before the pandemic.

“There is a lot of discussion about this talent gap in cybersecurity, but people always say, ‘How do we get into cybersecurity?’” she said.

write destination Catherine Stup Catherine.Stupp@wsj.com