It‘s almost become a cliché that there are too many security jobs for too few qualified applicants. In fact, according to recent research, this problem has increased year over year, with 53% responding that they’ve faced a skills shortage in this area.
And the stakes of tackling cybersecurity challenges have never been higher. With an increase in the number of regulations with mandatory breach reporting requirements, the public grows ever more aware of the dangers of data breaches while businesses face increased visibility and scrutiny.
As a result, many businesses increasingly recognize the need for security services. Which means Managed services providers (MSPs) face both a challenge and an opportunity. Businesses will increasingly expect their MSPs to be able to handle all things IT, including security. Yet, with a skills shortage, can MSPs hope to tackle this critical challenge? Today, I’ll look at what steps you can take in a competitive skills market.
We should probably address why the shortage exists in the first place. For starters, the obvious answer comes from the relative infancy of the field compared to other IT roles. This leads to fewer people with a background in security. Add in the fact that technology itself has become more complex and disparate, and finding the right talent can be incredibly challenging.
However, we should also consider that there’s simply a proliferation of needs in the security realm. The industry needs SOC analysts to manage and analyze incoming alerts. It needs forensic experts to analyze attacks, preserve evidence, and potentially interact with authorities. It needs security engineers and architects to design networks and systems for security. The industry needs cryptography experts, pen testers, threat intelligence analysts, project managers for rollouts, cloud security specialists, and communications professionals to help around incidents. Simply put, there are a plentitude of needs, leading to a lot of roles and specializations that teams need to look for. Finding experts becomes more challenging as these needs continue growing.
I mention these roles to put the shortage in perspective. Many positions require specialists. But as an MSP working with SMBs, you most likely won’t need an advanced cryptoanalyst on staff. And even if you were looking to hire specialists, you won’t need to hire a full complement of security experts—you’d only need to choose those with specializations that fit your client base.
In short, the overall skills shortage numbers don’t tell the entire story, and they certainly don’t tell your story. So keep that in mind if you worry about finding quality candidates.
Despite my point about specialization, finding security professionals can still be a challenge. So here are a few pointers:
Overall, the IT industry does face challenges in hiring new security professionals. As MSPs increasingly become the focal point for cybercrime, they will need to find ways to overcome this shortage. One bad incident could put their customers—and potentially them—out of business. However, the tips above should give you ideas on building your security bench even if you’re starting from scratch.
Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim’s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics.
Get the latest MSP tips, tricks, and ideas sent to your inbox each week.