Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

The Great Cybersecurity Talent Migration has Begun, Here’s What you Can Do

The macro-economic consequences of COVID-19 have reached cybersecurity and the talented people who keep us secure. In some sense, invisibility is a hallmark of good cybersecurity, back-end operations running smoothly and keeping the assets, operations and reputation of an organization from harm. But this invisibility is built on proper resourcing, and in the last 18 months, we’ve seen a progressive erosion of the human resources behind successful organizational cybersecurity.

Let’s Call This the Great Talent Migration

At any given time, there are a limited number of top cybersecurity professionals. When you add border closures, data sovereignty concerns, reduced student numbers in the pipeline and the incredible systemic network stressors of work-from-home, you basically create a situation in which burn-out is high and talent demand is even higher.

The consequence is a large number of organizations fighting for a very limited number of professionals. On the surface, an organization might look like its business-as-usual, but behind the scenes, it is scrambling for critical resources, with the end result being both short- and long-term consequences for the organization’s security and our society’s collective security.

Moreover, business confidence is rising in Australia and globally, accelerating the trend because job availability increases even more. Then there are record levels of employee fatigue. Worldwide Gartner research this Sept showed 34% of human resources leaders are significantly concerned about employee turnover, rising to 91% increasingly concerned as the economy improves in the coming months.

At the same time, some cybersecurity experts are opting to leave their career due to the aforementioned burn-out, a reprioritization of their personal goals due to the pandemic (the “great resignation” anyone?), or a shift in participation due to life stages. From recruitment to internal development, incentives and culture, what levers have the most significant impact?

So How Do You Attract and Retain Talent in this Environment?

Cyber specialists will search for employers that support remote work, have interesting projects that enrich their life experience, and organizations that actively appreciate their efforts. And not just through financial bonuses, but as a culture that supports them and their growth. Creating a culture that fosters inclusivity, openness, diversity along with creating a fun environment will be essential to retain your current staff.

Locally and now globally, Trustwave has set up a Diversity Network Initiative (DNI) designed to drive diversity and inclusion awareness through education and programs to make our organization a great place to work and a great team with which to conduct business. Our DNI has five streams of focus: 

  • Gender
  • LGBTQIA+
  • Indigenous
  • Culture
  • Well-being & Mental Health

Trustwave currently has a laser-like focus on gender within the business, and I’m proud that 50% of our local leadership team are women. DNI has also run mental health sessions, including gathering stress release tips from an organization that offers therapy dogs.

A critical element of retaining talent is openness. Fostering a culture of open dialogue between all levels of the business ensures staff knows the mission and how we’re going to get there is critical. Our “Ask Us Anything” open forums give employees a chance to ask leaders anything. It is often business-related, but not always so.

We’re celebrating big wins and small ones along the way. Recognizing contribution is not just monetary - Trustwave has a Cheers portal where anyone can call out a teammate or a far-flung employee who makes a difference to their task, day, or experience. This shout-out helps connect us all.


17242_minimizecybersecurityskillsshortage-cover
WHITE PAPER

How To Minimize the Impact of the Cybersecurity Skills Shortage

Organizations across the world have unfilled cybersecurity vacancies, and the cybersecurity professionals already on staff are pushed to their limits. Something must change to address the staff shortages that are limiting organizations’ ability to erect and maintain strong defenses. This paper examines the cybersecurity skills shortage and advocates for the use of advanced security services and technologies that more effectively leverage the time of current professionals. The paper references data from an in-depth survey of 130 cybersecurity professionals in mid-sized and large organizations.

 

Offloading or Reframing?

As people leave jobs, the remaining staff might be asked to take up the slack left by those who have moved on. This activity generally includes shouldering new duties, but organizational knowledge retention is also becoming a significant issue.

Many organizations are looking to take advantage of outsourced service vendors who add human intelligence (not just AI and automation) to the tasks left behind by those who have left. For example, cybersecurity risk management requires analytics and then assessment based on a human view of how the risk impacts an organization, taking in the needs of the business and the potential effects to understand the necessary actions.

One method is enticing people who stepped out of the industry to return and asking them to handle those fixed scope engagements. If done successfully, this can convince these folks that they can have their side gig on the coast/semi-retirement/time with children and explore new challenges and project goals they’d like to get their teeth into -- help them.

Bring in the Experts; Recycle Knowledge

Engaging specialized experts for scoped tasks or gigs can meet the business needs for compliance or significant projects and get the job done faster and with greater effectiveness. And maybe at the same time skill up your existing employees. More cyber departments are using services to remove the burden of low- and high-level threat detection and response. This action frees up resources for security analytics, specific threat prevention initiatives, and key projects that uplift an organization’s cyber posture. I expect organizations are reconsidering their need for data sovereignty for some aspects of cybersecurity and using global talent and services to fill the gap.

The fastest way to adopt best practices, and one that reduces the burden on staff, is to re-use what others have done before. Our business shares the work we’ve done with clients via a portal that anyone can download mostly for free. The work derived from major Australian and global clients on topics such as presenting to the board or incident response guidelines and metrics we’ve seen work in an industry like theirs. Why build from scratch?

Look Beyond the IT Silo for Talent

Smart organizations are also looking inward and turning to staffers already on board to grow cyber talent – John in Legal? Sally in Marketing? Well-rounded humans have thrived in cybersecurity from the beginning because while coding is literally binary, cybersecurity is not. In the face of a cyber degree explosion, we’re still hiring humanities grads, lawyers and those told they must learn to code but never did because the optimal cybersecurity team is a truly diverse one.

There’s no doubt a great cybersecurity migration is underway, but if you tackle it head-on, there’s plenty you can do to emerge more robust and more secure as an organization.

Latest Trustwave Blogs

Phishing: The Grade A Threat to the Education Sector

Phishing is the most common method for an attacker to gain an initial foothold in an educational organization, according to the just released Trustwave SpiderLabs report 2024 Education Threat...

Read More

Unlocking Cyber Resilience: UK’s NCSC Drafts Code of Practice to Elevate Cybersecurity Governance in UK Businesses

In late January, the UK’s National Cyber Security Centre (NCSC) issued the draft of its Code of Practice on Cybersecurity Governance. The document's goal is to raise the profile of cyber issues with...

Read More

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More