Executive Summary:
In cyber security, the potential workforce available is not keeping pace with demand. In the US, more than 750,000 cybersecurity positions are unfilled, and globally, more than 3.5 million There are vacancies in cyber security.
“While Amazon, Meta, Twitter, Microsoft, Google and other tech giants are going through layoffs, our industry has put up a huge ‘help wanted’ sign,” says Steve MorganFounder of media group Cybersecurity Ventures.
However, despite the ‘help needed’ signs, the talent gap has yet to be resolved. As a result, some CISOs are redesigning staffing plans to address challenges related to recruiting, hiring and retaining security personnel.
In this article, discover the talent framework for value. See how it can enrich employment practices and increase workforce while reducing your cybersecurity risk.
What is the approximate talent framework?
In a talent-to-value framework, leaders clearly define the most important cybersecurity roles—those that yield the greatest risk reduction for the organization.
When hiring, most leaders use a top-down approach that involves filling positions at the highest level before filling positions further down the organizational chart. However, due to the shortage of workers, and the high (sometimes exorbitant) costs associated with competitive talent, the standard recruiting approach is not as effective in this job market.
The daunting threat landscape means organizations may need to manage cybersecurity talent more flexibly than for other departments. By gaining a holistic picture of an organization’s cybersecurity needs, leaders can create an employee engagement roadmap that hones in on the most critical security initiatives and roles. And these positions will not necessarily be at the top of the organizational chart, as you might expect.
Talent for value in action
In a talent-to-value framework, the most important roles are those that lead to maximum risk reduction; Those that result in the highest levels of security value.
Talent for value enables risk reduction through targeted recruitment and talent development. The approach helps identify which skills and roles are a priority when it comes to risk management. In other words, the approach enables a clear understanding of the roles that demonstrate the greatest “return on risk investment”.
In short, the talent-to-value framework enables organizations to hire the right people at the right time. This ensures that near-term cyber security hiring aligns with business growth goals.
Hiring employees on the basis of discounts
Less mature companies often believe they should hire based on cyber roles, regardless of the specific cybersecurity risks inherent in their industry or organization. As mentioned earlier, the talent-to-value framework emphasizes the importance of hiring the right people at the right time. Using talent for value, leaders can better assess where to apply resources to best mitigate risk.
The three-step approach
Integrating the talent-to-value framework into the organization is a three-step process. Below are brief descriptions of each step. In applying the talent framework to the value:
1. First, identify priority tasks. Using a risk model and assigning scores to potential vulnerabilities based on risk, the talent-to-value framework asks leaders to map a set of cybersecurity tasks that are top priorities when it comes to executing a cybersecurity strategy. Although each organization will assign risk scores differently, scores should be based on the business or operational impact of exploiting a weakness.
2. Second, define which roles will lead to maximum risk reduction. The next step is to define and prioritize security roles required to account for the top risk-based priorities. After defining priority roles, leaders can create job descriptions that address what the organization needs in each role.
3. Determine whether priority roles can be filled by upskilling existing talent or whether recruiting new talent is really necessary. Once job descriptions have been created for preferred roles, leaders can analyze who, if anyone, on their current teams might be a good fit for the roles. In some cases, it is more efficient and cheaper to upskill team members than to hire new employees. And for some organizations, it may make sense to outsource talent in order to accelerate implementation and scale security support quickly.
Summary
The talent-to-value framework enables organizations to see what kind of skills are really required to manage risk, clearly understand who they need to hire and set expectations for risk mitigation outcomes. Using the talent-to-value model, leaders may realize they don’t need a cloud security manager — Instead, they need a cloud security architect with specific types of experience.
Against the backdrop of the ongoing shortage of cybersecurity talent, talent for value enables organizations to be more strategic in terms of who they hire, who they train, actual risk mitigation and return on security investment.
For an expanded set of insights regarding the talent-to-value framework, please Click here. For more cybersecurity talent management strategies, check out CyberTalk.org’s e-book. Finally, sign up for the CyberTalk.org newsletter for executive-level interviews, analysis, reports and more every week. Sign up Here.
