1. BUILDING YOUR
CYBER DREAM TEAM
Why training is an affordable, effective
alternative to hiring
ine.com
2. Building Your Cyber Dream Team www.ine.com
There is no denying the
role cyber criminals play
in modern commerce.
What was once a hodgepodge of hackers
targeting personal computers and select
businesses is now an expansive, innovative
field of its own.
Today, Malware and Ransomware as a Service are multi-million dollar
industries, dominated by criminal organizations that are centralized
much like modern corporations, with executives, sales staff, and
communications teams.
Even amatuer hackers now have access to sophisticated malware and
phishing techniques designed to attack businesses across the globe.
According to Cybersecurity Ventures’ Official Cybersecurity Report, cyber
crime will cost individuals and businesses a cumulative $10.5 trillion by
2025. As one ATT report noted, that number “represents the greatest
transfer of economic wealth in history and risks the
incentives for
innovation and investment.”
In order to combat the growing scourge, organizations need to focus
on building a robust cyber security team housed within their existing
information technology departments. While the largest multinational
corporations have an extensive IT budget, many small-to-medium
sized businesses struggle funding and maintaining a security team.
Even larger corporations aren’t without their own issues. Cyber security
unemployment has stayed at or around zero percent since 2016. A
budget for salaries only goes so far when there are not enough qualified
external candidates to choose from.
With the somewhat murky outlook on staffing a security
team, many organizations are turning to alternative
methods to ensure their network is secure.
3. Building Your Cyber Dream Team www.ine.com
of businesses experienced a phishing or
social engineering attack in 2018
EXPERTS PREDICT THIS WILL SKYROCKET INTO 2020
of businesses around the world
experienced a phishing or social
engineering attack in 2020
How is your
business impacted?
With increased innovation and centralization,
criminals are targeting businesses now more
than ever.
In a study conducted by Verizon, an analysis of thousands of security
incidents found that 94% of malware attacks were initiated on computers
via email. In more than 80% of these incidents, social engineering was
used to convince email recipients to install the malware unknowingly.
According to the FBI’s Internet Crime Report, cyber crime complaints
increased 69%, and a successful breach now costs an average of $3.86
million based on research by IBM.
As more than 90% of organizations state that a safe internet is the key to
building a successful business, many are investing in cloud technology, AI
and other smart tech to increase sales and boost productivity. A growing
criminal landscape can flourish where new technology is implemented
without cyber security strategy. As organizations continue their full-
scale integration within the digital world, hackers are ready to pick off
companies that are not fully secure, nor investing time and money into
cyber security.
75%
4. According to Accenture, “Almost 80% of organizations are introducing
digitally fueled innovation faster than their ability to secure it against
cyberattackers.” So, how do businesses insulate themselves from cyber
crime? Investment is key here, both in software—VPN technology, multi-
factor authentication and strong firewalls—and people. Unfortunately
the people factor to this equation is growing scarce as more cyber
security jobs open up than there are qualified applicants to fill them.
What’s more, many cyber security professionals are located in major
tech cities (San Francisco, London, New York) and taking positions at
major companies that have a sizable budget advantage over small-and
medium-sized businesses. That leaves the majority of global companies
with the question of how to protect their network, their IP and their
customer information while remaining on budget.
Can companies hire their
way to better security?
Many organizations believe that hiring new, experienced cyber security
personnel is the most efficient approach to defending their network
and sensitive information. While integrating veteran cyber security
employees into an existing IT staff sounds like the simplest solution,
there are several barriers companies face when hiring externally.
We are currently in the middle of a global shortage of cyber security
talent as the number of cyber criminals outpaces professionals trained to
keep businesses safe. An estimated 3.5 million cyber security jobs will go
unfilled due to a shortage of qualified applicants.
That number presents myriad problems for companies interested in
hiring. First, it is very difficult to find experienced help outside of major
cities. Second, the salary many personnel trained in cyber security
demand is costly.
An estimated 3.5 million
cyber security jobs will
go
unfilled due to a
shortage of
qualified applicants.
5. Building Your Cyber Dream Team www.ine.com
Explore the interactive map www.cyberseek.org/heatmap.html
Coastal Bias
Looking at the talent gap by state and metro area, it’s clear that
businesses in less populous areas will struggle to find external cyber
security talent. The below map from Cyber Seek shows the states
where demand for infosec personnel is greatest. Obviously, California and
New York have the highest number of jobs available, but almost every
state in the country has a heavy demand for qualified applicants.
Since younger, more tech savvy job applicants are drawn to coastal
regions and big cities, the number of people that businesses in less
populous states and those not situated on the coast have to choose from
continues to decline.
6. Building Your Cyber Dream Team www.ine.com
High Salaries
Cyber security unemployment has remained at zero percent for several
years. That imbalance between supply and demand is causing a salary
surge that benefits job seekers while leaving many job posters without
the security they need, while bidding wars for security personnel will
benefit larger corporations.
ZipRecruiter estimates that the average cyber security salary in the
United States is between $60,000 and $145,000, with many in the
field commanding nearly $185,000 a year. For businesses interested
in building and maintaining an infosec program, that number presents a
lofty investment.
As the field continues to grow, those salaries will only increase. There is
nothing to suggest that even a modest growth in the supply of trained
cyber security employees will outpace the massive influx of jobs expected
to open.
The underwhelming number of job applicants who qualify for
information security positions, the general location of many of those
candidates, and the salaries they command make it difficult for most
businesses to build a cyber security program from scratch.
$145,000
$185,000
$60,000
7. Building Your Cyber Dream Team www.ine.com
Can you hire temporary
workers?
Some companies are taking advantage of the new “gig economy” to
hire temporary help. Freelancers are often cyber security professionals
with niche experience who usually work on short-term needs for
organizations. While there are advantages to the freelance approach,
there are also disadvantages.
Most freelancers are trained in red team tactics such as penetration
testing for web applications, mobile applications, or general networks,
allowing them to seek out vulnerabilities within a network and
present their detailed findings for the hiring company. However, these
freelancers often do not stick around for the long-term work of building
and maintaining a stronger network.
Hiring freelancers or contract workers can help organizations test new
applications or fix high priority security issues that need to be completed
in a small time window. However, since many red teamers are not cross-
trained in network defense, their capabilities are limited, and hiring
several contractors to build a robust cyber security defense is expensive
and often time-limited. Since freelancers move from contract to contract,
most companies cannot rely on temporary help for long-term solutions.
Companies interested in building a lasting security infrastructure still
need to rely on full-time employees.
8. Building Your Cyber Dream Team www.ine.com
Training your way to
cyber security solutions
There is an alternative to hiring. Most companies already have an
information technology team in place, filled with employees who
understand the building blocks of information security. While cyber
security requires additional knowledge, many IT employees are eager to
learn new skills that will help them grow professionally.
Furthermore, training is the more affordable solution. Because many of
your employees already have the knowledge base to quickly develop new
technology skills, the cost-benefit analysis of training versus hiring makes
it clear that acquiring new skills instead of new employees is the best
option for most businesses.
As previously discussed, the average salary for a new cyber security
employee is between $60,000 and $145,000. In comparison, cyber
security training costs roughly $5,000 per seat per year. Most businesses
could train their entire IT department for half the cost of a new employee.
Cyber security education programs come with a training dashboard
that allows managers to monitor the progress of their team, ensuring
that employees stay on track and the training budget is used effectively.
Because everyone’s skill level is different and most IT departments need
both blue and red team knowledge, training companies often offer all
access passes. Each employee can cater their learning to their personal
skillset and the needs of the business.
Quality training is effective because you are teaching new skills to employees who
already understand the business’s cyber security needs, their network setup, and
the human factor of the company. It’s also much less expensive than hiring external
personnel and allows a measure of managerial oversight that ensures ROI.
9. Training is the future of
employee benefits
Recruitment and retention are on every company’s mind, especially in
the technology sector where new information, software and hardware
renders last year’s information nearly obsolete. In Deloitte’s Global
Human Capital Trends survey, 86% of business and HR leaders said that
“they must reinvent their ability to learn.” That’s because automation,
new innovations and a low unemployment rate in the cyber security
sector make it difficult for companies to compete for the best, most
knowledgeable talent.
Deloitte goes on to state, “Evolving work demands and skills
requirements are creating an enormous demand for new skills and
capabilities, while a tight labor market is making it challenging for
organizations to hire people from outside. Within this context, we see
three broader trends in how learning is evolving: It is becoming more
integrated with work; it is becoming more personal; and it is shifting—
slowly—toward lifelong models.”
Systems and technology change rapidly, and companies must focus on
the lifelong model of learning that allows employees to remain current
on their education and training. For IT departments that are expanding
into cyber security, training their employees allows individuals to feel
a personal stake in their own development and the development of the
company.
So how do you retain the best people, especially in technical roles
such as IT? While salary and benefits are certainly top of mind for every
candidate and employee, it’s the benefits and perks that come with the
job that often differentiate one position from another.
10. Building Your Cyber Dream Team www.ine.com
“ “
CIO.com is interested in how companies can maintain their
competitive advantage when there are so few qualified candidates in
the field. One article notes that “IT pros report receiving several calls a
week from aggressive recruiters who are desperate to fill requisitions.
And companies are equally desperate trying to hold onto the talent
they have.”
Professional development courses are a vital benefit for organizations
interested in retaining their top talent. That’s because employees are
invested in an organization when they feel an organization is invested
in them. For companies working towards building their cyber security
team, this is a win-win scenario. By providing training that keeps your
network secure, you’re also engaging your best talent in a way that
builds good will.
...we see three broader trends
in how learning is evolving: It is
becoming more integrated with
work; it is becoming more personal;
and it is shifting—slowly—toward
lifelong models.”
Deloitte
11. The only thing certain in the future of IT and
cyber security is change. Criminal enterprises
develop new attack methods quickly, and
organizations without an internal cyber
security team are unprepared for new threats
and vulnerable to attack.
To prepare for the inevitable, build with intent. Now that you have
established the need for cross-training your IT team, meet with them to
understand their interests within the security sector and develop training
paths for individuals that cater to their strengths and fulfill business
goals.
While red team training such as penetration testing and exploit
development is overwhelmingly popular in the ethical hacking space,
you will need individuals trained in defensive measures as well. Identify
the members of your staff that are able to cross-train in network defense
and incident response.
Building
Your Cyber
Dream Team
Conclusion
If your company is interested in INE’s industry leading
cyber security training, visit our website or speak with a
client success representative today.
sales@ine.com | ine.com