Can cyber-enabled roles help alleviate the cybersecurity skills gap?
The cybersecurity skills gap is not a new concept for organizations and has contributed to many organizations not satisfying their cybersecurity needs. What has complicated this issue is the steep rise in working from home due to the COVID-19 pandemic.
This article will detail how cyber-enabled roles can help alleviate the cybersecurity skills gap for an organization. It explores what cyber-enabled roles are, real-world examples of these roles and where they belong within an organization, and how building a workforce that is secure by design plays into the whole process.
Mind the gap
The cybersecurity skills gap refers to the gap between an organization’s cybersecurity needs and the cybersecurity skills of its employees and, on a larger scale, the gap between the number of open cybersecurity jobs requiring qualified professionals and the number of professionals available to fill those roles. The causes of this skills gap range from a lack of on-the-job training to a lack of career growth for cybersecurity roles.
What has made the cybersecurity skills gap even worse is the rise of working from home — now it is upwards of 62% of the workforce! Since the rise of the COVID-19 crisis, cybersecurity training has been slow in responding to this new normal. With cybersecurity training lagging, there has been an interesting trend since the pandemic began: the blurring between classic cybersecurity roles and cyber-enabled roles within organizations.
What is a cyber-enabled role?
Despite sounding like a device that has a feature enabled, cyber-enabled roles can be quite valuable for organizations. Instead of being a role that requires the depth and breadth of knowledge and skills that a dedicated cybersecurity professional has spent years amassing, a cyber-enabled role involves above-average cybersecurity understanding. It may be woven into a general IT role, or even a role that has nothing to do with IT.
Regardless of what their role title is, members of the cyber-enabled workforce have cybersecurity knowledge and skills that may make them relied-upon members of an organization’s IT workforce.
What is a secure-by-design workforce and how does it fit in?
Like salt and pepper or peanut butter and jelly, secure by design and cyber-enabled roles go hand in hand. Secure by design refers to implementing security measures and security mindedness from the very beginning.
When designing a secure-by-design workforce, organizations bake security knowledge and skills into the role, such as by providing advanced security training on some level or by assigning the role security-related responsibilities. While not as dedicated or compartmentalized as a traditional information security role, cyber-enabled roles can be just as helpful to their organization in the aggregate.
Being secure by design can be thought of as a kind of security multiplier for an organization. When combining this with cyber-enabled roles, an organization can transform its cybersecurity posture from one of gaps to one that is solid and focused more on prevention than reaction.
A focus on skills, not the role
A theme here is a growing shift in focus from the role to the skills required as the guiding light for hiring organizations. This skills-based approach gives organizations a better way to prepare for the cyber-enabled roles of the future and to upskill existing roles.
Real-world examples of cyber-enabled roles
Cyber-enabled roles can be placed anywhere in an organization, but the majority of these roles are part of the IT department. All sizes of businesses can benefit from, and currently use, cyber-enabled roles. Some of the most common areas you will find cyber-enabled roles are presented below, separated by their respective departments within the organization.
- Cloud architecture and deployment: As more organizations have been moving to the cloud, there has been a demand for cyber-enabled roles for cloud-based networks, their security and design.
- Network architecture: Although designing and deploying networks for an organization is classically its own role, these responsibilities can be given to different cyber-enabled roles which, in the aggregate, will perform the same job.
- Identity and access management: Verifying and authenticating network users needs to be implemented in a manner that minimizes data loss and complies with the organization’s security needs. Assigning these responsibilities to cyber-enabled roles that do not have cybersecurity as their primary focus will make security more of everyone’s concern, not just the concern of traditional IT.
Software development is an area where being cyber-enabled and secure by design are nearly synonymous. This is because making a cyber-enabled role in software development requires kneading cybersecurity best practices into the software development life cycle from the very beginning of the development process.
- Application software developers: A focus on security is required at every stage of software development because developers must not only provide a solution to the organization’s requirements but do so in a way that greatly minimizes the risk of data loss or theft.
- Systems software developers: Because of the industries these systems serve (medical, military, industrial and so on), a focus on security is paramount to minimize vulnerabilities. This is a typical example of a role that needs to be cyber-enabled due to the strict security requirements of these fields.
Governance, risk and compliance (GRC)
- Risk manager
- GRC analyst
- Privacy analysts
Healthcare professionals and medical device professionals
These organizations expose large numbers of their employees to sensitive information daily. Compared to other regulated industries such as finance, healthcare organizations are more likely to employ cyber-enabled roles.
- Data security administrator/analyst
- Clinical engineers
The cybersecurity skills gap is a real challenge for many organizations. Using cyber-enabled roles can help to patch up these gaps in cyber skills, but it should be done in conjunction with a secure-by-design workforce. This will help ensure that any cybersecurity gaps you may have are as comprehensively covered as possible, because security will have been a top consideration from day one.