While I can’t say that Davey’s article (you can read it here) surprised me, it certainly brings to light the ever-growing talent shortage in the cybersecurity arena. I’ve married his article that reveals 1 in 6 CISO’s (17%) now use alcohol or medication to deal with the stress of their job to another real problem facing my customers; the cybersecurity talent shortage. While both are staggering, the leaders I’ve been working with are turning to non-traditional methods to lessen the burden and improve their organizations security posture.
In the past year or so, I’ve seen some of my customers partner with higher education to inject their brand specific security needs into curriculum; others are focused on recruiting prior military members looking to fight a different kind of battle, and a small handful more recently turning to the latest ML and security orchestration the market has to offer.
As I work with these organizations to support them with professional services engagements or managed security offerings, I’ve observed that there isn’t a one size fits all approach. While I’ve seen the MSSP market continue to grow exponentially, the brightest minds I interact with still find great value in educating their leadership and user population around the evolving threat landscape. I’ve heard it a dozen times in the last few months; a security leader boasting of a grand vision that would take 5 years to deliver on and therefore remains unfunded. As more and more organizations continue to overlook the importance of a formal security awareness program, I’ll expect the next census to report 3 in 6 CISO’s are now turning to alternative ways of coping with their stress.
CISOs – you have a choice; continue to educate your organization, or of course, stay medicated.