10 ways to build a cybersecurity team that sticks
Creating an effective cybersecurity team can be a challenge. The skills gap is showing some improvement — the (ISC)² 2020 Cybersecurity Workforce Study shows that the cybersecurity skills gap is down from 4.07 million to 3.12 million professionals. But even if you can find people to fill cybersecurity positions, these skilled professionals need to be encouraged and nurtured to make them stick around for the long term. A recent (ISC)² study, “Build resilient cybersecurity teams,” has excellent advice on doing this.
FREE role-guided training plans
Building resilience through team motivation
Cybersecurity teams are like a family unit. The members of this unit need to work together on highly stressful projects that impact the entire organization. Like a well-oiled machine, a resilient cybersecurity team can be highly effective. The (ISC)² study spoke to cybersecurity professionals to get their insight into building and maintaining a strong cybersecurity team. One of the factors behind a resilient team is motivation. 52% of cybersecurity professionals said that the ability to solve problems was their reason for entering the field. Next in line for important motivational factors was a professional's existing skillset and having a keen interest in cybersecurity. Other important factors included:
- Working in a continuously evolving field (42%)
- The ability to help society (37%)
- Achieving good compensation (36%)
Skill-up to keep staff on the path to success
Technical and non-technical skills are important in building resilient cybersecurity teams. There are many technical skills to know:
- Cloud security
- Malware analysis
- Data analysis
Amongst the top non-technical skills were:
- Problem-solving
- Analytical thinking
- Working in a team
- Creativity
Self-learning and certifications are the topmost essential items for those pursuing a cybersecurity career. The top three are:
- Self-training
- IT certifications
- Cybersecurity certifications
Shadow, support and mentor
Having a mentor or advisor was seen as an essential aspect of helping develop employees building a career in cybersecurity. Having the support of a more experienced cybersecurity professional was pulled out several times in the study as providing the basis for robust team culture. Several themes came out from conversations with cybersecurity professionals on retaining staff and encouraging a more diverse team. These include:
“Being thrown in at the deep end." Being given too much responsibility was seen to have some detrimental effects on those in the earlier stages of their careers. Being given this responsibility too quickly can cause a feeling of being overwhelmed, frustrated and losing interest.
“First jobs.” Because cybersecurity presents a wide array of issues to resolve, any lack of clarity or consistency in a role can cause problems and a lack of confidence in junior staff members.
“Patience and support.” Cybersecurity roles can often be overwhelming and cause less experienced staff members anxiety. This can lead to the loss of a potentially excellent member of staff. Ensuring that a cybersecurity team is designed to help with issues and present a clear escalation pathway can improve overall confidence.
Certifications
The cybersecurity professionals interviewed in the survey pointed out that certifications were important in the early stages of their careers. The respondents cited certifications as a “milestone in their career” and proof of their ability to do a job. One respondent summed up how certifications helped build their confidence:
“I studied hard learning my role, researched on my own time, earned certifications, attended training courses and conferences. All of that helped me to grow in my career.”
FREE role-guided training plans
The top 10 measures needed to build an effective cybersecurity team
According to the (ISC)² 2020 Cybersecurity Workforce Study, there are 10 key measures to use when building an effective cybersecurity team:
- Look inward: the “better the devil you know” is a good starting point to build a cybersecurity team. Reach out to people already in the organization who may be interested in cybersecurity; create an environment whereby employees can build up the necessary skills to join your team.
- A balanced approach to IT talent: the study found that 55% of cybersecurity professionals began their career in IT. However, the study also highlights that diversity within a cybersecurity team is essential. Therefore, draw from IT talent, but do not only limit your team to those from a technical background.
- Hire for attitude and aptitude: go beyond a candidate's CV. Look for passion and drivers that complement your existing team members.
- Create realistic job descriptions: (ISC)² suggests getting help from HR to create appropriate and realistic job descriptions when hiring your cybersecurity team. The study also points out the importance of matching security roles to the right level of certification.
- Invest in education: educating your cybersecurity team is an ongoing commitment. The study suggests that “Every organization needs a formal, standards-based cybersecurity education program for the employees responsible for securing their digital assets.”
- Take the long view: the study points out the importance of patience when building a resilient and long-lasting cybersecurity team. Investment into the team by building professional development pathways is the most crucial step.
- Foster mentorships: the study points out that cybersecurity professionals believe that having a mentor during the first three years of their career was invaluable. The study suggests using a mentorship program between senior members of the team and new entrants.
- Recognition builds confidence: feedback is essential, especially positive feedback, as this develops confidence. Build on this confidence by allowing junior members to step up to co-run projects.
- Keep the team together: building a coherent team involves allowing that team to help in its evolution. When recruiting, get the involvement of other team members to help identify missing skill sets.
- Embrace diversity: a diverse team, crossing sex, gender, race, disability and class boundaries, will help to offer insights and knowledge that would otherwise be missing from a less diverse cybersecurity team. Work with HR to identify diversity gaps and to attract a diverse audience of potential applicants for posts.
Building any cohesive and resilient team is not easy. But by following the (ISC)² guidelines, collated from professionals in the field, you can create a team that will be a credit to your organization.
Sources:
- 12 pre-built training plans
- Employer-requested skills
- Personalized, hands-on training
In this Series
- 10 ways to build a cybersecurity team that sticks
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
- Top 8 Microsoft Teams security issues
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security