Many organizations take months or years to discover they've been victimized by breaches because they lack experienced cybersecurity personnel, says employment researcher David Foote.
Enterprises are hiring cybersecurity specialists, but many of them are relatively young and lack the experience to help quickly detect that their organization has been hacked, says Foote, CEO and co-founder of the IT employment research firm Foote Partners. The solution to the cyber-skills shortage, he says, is "the maturing of the workforce."
"You learn some things in school [but] you have to go through a period of time when you're actually on the job, doing it live," Foote says in an interview with Information Security Media Group. "We just have to wait until the cybersecurity jobs mature and have enough people who have been out of school and have learned on the job how you determine whether you've been hacked ... what [are] the root causes and what's been stolen. I don't know if there is any other way. It's just a maturation process that takes time."
In the interview (click on player beneath above image to listen), Foote:
Discusses how organizations can immediately address the cybersecurity skills shortage as they bide time for the maturation process to work itself out; Explains how two types of risks - business risk and information security risk - are converging to help managers tackle the cybersecurity skills gap; Describes three types of CISOs now in demand.Before co-founding Foote Partners in 1997, Foote worked as an analyst at IT advisers Gartner and Meta Group.