The Impact of Talent and Resource Shortages in Cybersecurity

It’s no secret – there is a severe talent and resource shortage in cybersecurity, but what is the impact it’s having on our businesses? CRITICALSTART’s Jordan Mauriello and Michael Balboni, former advisor to Homeland Security, talk about strategies to address cyber defenses given these shortages.

Full Transcript:

JM: Hey guys, Jordan Mauriello with CRITICALSTART here, Senior Vice President of Managed Services. Today I have with me Michael Balboni, President of Redland Strategies, former Senator, Assemblyman, advisor to Homeland Security. Honored to have him here with us today. We’ve been doing some awesome discussions about things that we’re doing at CRITICALSTART and working with Redland Strategies.

JM: Today we wanted to take an opportunity just to talk to Michael about some general cybersecurity issues. He’s a major influencer in our community. I know many of you already know who he is and has had a major impact even on some of the legislature that we’ve seen around our industry too as well. We want to take the time to get some thoughts from him on some of the direction the industry’s going impact that some of the changes we see in cyber in general are having on national defense, the role of Senate and Congress, and where that’s going from a legislature perspective.

JM: We’re going to open up and have a nice, fun conversation here about some of these issues. Thank you so much for being with us, Michael.

MB: Thanks for having me Jordan, and thanks for your service to the country in the military.

JM: Thank you very much, sir. I appreciate your support.

—

JM: Probably the next biggest problem in security outside the signal to noise ratio problem is talent, resources, and resource shortages. If you’re not a core competency in security or technology and then you’re trying to hire security and technology professionals, well now are you going to compete with organizations who are going to pay a premium for those because those resources are going to bring in revenue for those. I think it’s a big problem we see out there. Obviously, there’s a massive talent pool shortage, but it’s also so competitive for cybersecurity resources today.

MB: It’s funny. When I was back in the Senate, and this was a long time ago, 2005-2006. I actually introduced legislation to try to create scholarships at State University level for the creation of cybersecurity courses. You’re absolutely right. There is an absence of well-trained cybersecurity. Other nation-states like China have basically institutionalized the cyber hacking. They’re training all these cadres of soldiers to learn how to do this. I’m not saying we set up hackers, but I think in terms of understanding what the IT security dynamic is, we need to do a lot better of that with our institutions, our educational institutions. In the absence of that, a lot of companies are uncomfortable with offloading that responsibility of monitoring and responding to network threats. First of all, it’s expensive a lot of times and secondly, you don’t necessarily have control of everything that’s in your environment.

MB: A lot of companies might be dealing with sensitive information. Again, having insurance, having a well-qualified vendor, those are steps along the way, but there should be other strategies where you can internalize your cyber defenses so that you can give assurances to the board of directors, to your shareholders, to your customers and frankly to your staff that you have worked through all the different possibilities of what cyber could mean and you’re going to continue. You’re going to make sure that the systems you’ve set in place will create a business as usual environment.

JM: That’s a great answer. I think it’s a great way to approach the board is that you’re talking about helping keep business as usual as the primary goal and focusing on your core competencies.