Information Security Forum Tackles Tomorrow’s Security Workforce in Latest Report
January 2019 by The Information Security Forum (ISF)
The Information Security Forum (ISF), the trusted source that senior security professionals and board members turn to for strategic and practical guidance on information security and risk management, today announced the release of Building Tomorrow’s Security Workforce. The organizations latest digest helps organizations to focus on building the information security skills and expertise necessary to retain employees within a progressive, engaging and collaborative environment that satisfies career aspirations. The paper uses the concept of the security workforce to reflect this diversity – encompassing all individuals who contribute to an organization’s information security, irrespective of functional designation or reporting line.
With a dynamic threat landscape growing in sophistication and intent, expectations on the information security function are increasing rapidly. With limited personnel available to manage the risk, attracting, recruiting and retaining a workforce presents a significant challenge for providing immediate and sustainable security. Shortfalls in skills and capabilities are manifesting as major security incidents that damage organizational performance, reputation and image. Building tomorrow’s security workforce is vital to addresses this challenge and deliver robust security for organizations in the digital age.
“Filling the skill shortage will require organizations to change their attitude and approach to hiring, training and participating in collaborative pipeline development efforts. An overly rigid and traditional approach to identifying candidates, coupled with over-stressed and under-staffed work environments, is clearly in need of new tactics and fresh ideas,” said Steve Durbin, Managing Director, ISF. “With clear direction and leveraging fundamental HR concepts, organizations can develop an approach that formalizes the structure of the security workforce, harnessing the appropriate talent and skills to achieve the organization’s security objectives. Building Tomorrow’s Security Workforce helps organizations find the right balance they require to be successful.”
According to the ISF, organizations need to refocus their outlook to incorporate new developments in the global security workforce. This requires the information security function to establish a strategic direction for its security workforce that aligns with organizational objectives. Embracing four objectives will set the strategic direction for building a sustainable security workforce:
• Adapt to increasing complexity and scale of demands
• Seek candidates with a wide range of competencies
• Strengthen diversity in the workforce
• Encourage retention with a progressive working culture
By combining these strategic objectives with fundamental HR concepts, organizations can plan and build a security workforce for tomorrow. The ISF Approach addresses existing challenges and provides the structure for a robust, sustainable security workforce to meet the evolving demands of the digital age. It accounts for the varying size, budget and remit of security workforces. It incorporates workforce planning for designing and building an organization’s – or function’s – security workforce. Workforce planning will align the security workforce with organizational strategy and operational requirements, preparing the security workforce for future demands.
“Moving forward, organizations need to broaden their approach to recruiting security professionals from a diversity of backgrounds, disciplines and skills sets; focusing on the aptitude and attitude of candidates rather than insisting on a host of specific skills, experience and qualifications that would elude a large proportion of current and potential information security professionals,” continued Durbin. “Our members are already demonstrating success, building tomorrow’s security workforce with the necessary skills and expertise, developing and retaining employees in a progressive and engaging environment. They understand that a sustainable security workforce is essential if the information security function is to become a partner to the business and effectively manage the increasing security burden.”