The need for cybersecurity talent in government is well documented. Creating and retaining talented cyber professionals is incumbent on both employers and cyber employees. Two articles we highlighted in Threat Brief told the stories of each side effectively.
This article in Dark Reading looked at what it takes to attract and retain cyber talent, highlighting what needs to change in organization cultures. The first is to stop seeing security as “an annoyance and a sunk cost” and rather see it for what it is – “a proactive and positive force for their company.” Changing this attitude has an impact on the team’s perception of itself as well as the whole organization’s willingness to comply with security mandates. To do this the author recommends:
- Make the threat real – show people how many times your system is getting pinged by malicious activity
- Let the security team do what they enjoy – automate tasks that are mundane
- Provide training and out of office hands on work at events like hack-a-thons
Creating this environment of proactive support is also incumbent on the employees themselves. As this infosec island article discusses, IT security professionals have to take the same proactive approach to their careers as they do to mapping out the security of the systems they are tasked with protecting. Professionals should have a career development plan mapped out. To do so, one needs:
- Defining your mission and goals
- Identify gaps
- Develop an action plan
- Execute your plan
- Continually assess your progress
With this plan in mind, it is easier to select the projects that will be fulfilling, know where you need to ask for training, and even when it is time to move on to a new position.
We’d love to hear your thoughts on how to build a proactive and well-trained security workforce.