HITB2016AMS

More CISOs looking to recruit cyber-security trainers than leaders, analysts, engineers or pen testers

I have often said our IT skills crisis is not of skills, but of employers who train, and have been looking at why that is. Evidence is emerging that the shortage of trainers is a prime cause. The headlines from the Harvey Nash/PGI 2016 Cybersecurity survey are not unexpected: "Half of all boards lack real understanding of cyberthreat" [one might say the same of supposed cyber-security "professionals" with their obsessions over technology rather than strategy]. I was not therefore surprised to see that half of all respondents (CISOs) were looking for security architects. I was, however, surprised to see that more (42%) are looking for those to run in-house training and awareness programmes than for leaders (39%) or analysts (34%).

Barely 21% were looking for pen testers but 78% had outsourced this, so that finding should not be surprising. But only 13% had outsourced training (lower than for anything other than incident management or security strategy). Given that outsourcing decisions were claimed to be based on getting guaranteed access to subject matter expertise or lack of in-house skills, this implies a serious lack of awareness of the shortage of those competent to organise security training and awareness programmes.