The cyberworkforce gap is well documented. When we look at it from a macro level, it seems straightforward. Studies show between 1-3 million job openings over the next few years, unfilled due to a lack of talent. As schools pump out new cyber grads and push them into the workforce, our prayers are answered, right?
When we look closer at the problem, we see how woefully inadequate the macro view really is. The uncomfortable truth is this: We cannot close that gap by throwing bodies at it. The speed of change in the cyberarena means that new skill gaps are created daily, even on established cyberteams. In other words, every day our teams are not learning and applying new skills, they are a little less prepared for what may come at them.
Healthcare has many parallels with information security since both are based on prevention, monitoring, diagnosis and correction to avoid negative results. If medical success, however, were measured only by prevention of death, doctors would be the worst professionals in the world. After all, we are all going to die one day.
Moreover, if we take that same rationale for information security and measure its success or failure only through incident prevention, we will see some successes, but, eventually, there may be failures, perhaps catastrophic. Does this sound familiar?
I have been fortunate in my career to have attended many excellent ISACA conferences where the keynote speakers have excelled in delivering their message in very clear and pragmatic ways. One such speaker was futurist Mark Stevenson about whom I wrote in my recent Journal article, coauthored with Ian Cooke, in which we discuss the 8 principles of successful optimists and their relevance to the IT audit profession.
Personally, I found Stevenson’s closing keynote talk at the ISACA EuroCACS in Dublin in 2016 very inspiring, and it has motivated me to increase my level of participation with ISACA. Since this talk, I have spoken at an ISACA EuroCACS event, joined the ISACA Ireland Chapter board, spoken at an ISACA risk management talk, participated as a subject matter expert for ISACA webinars and am now evidently contributing to writing ISACA Journal articles and blogs.
The business case for diversity is well-established. Research studies clearly indicate that diverse and inclusive organizations benefit from increased productivity, enhanced problem solving and heightened levels of employee engagement over their more homogenous peers. But how does an organization successfully attract and retain the best and brightest IT audit talent in an ever-increasing competitive market? Sure, you could try to compete with the Silicon Valley (California, USA) firms by upgrading your employee perks to include on-site spas, car washes and free gourmet meals. But there is a more effective strategy—one that is often overlooked—and it does not involve offering free frittatas. Employee resource groups (ERGs) can be a very valuable tool to recruit new talent and ensure that existing employees feel welcomed and valued.
The amount of data accumulated by 2020 worldwide is predicted to exceed 44 zettabytes (or 44 trillion gigabytes), and the data growth rate is about 1.7 megabytes per second for every human being. To manage and understand it, artificial intelligence (AI) was developed, and its use has been increasing at an rapid rate. We see this in the products that are coming to market.
This new technology is affecting us in many ways: