Do I have a designated and trained information security expert on staff or a third-party trusted information security and risk advisor?

A 2011 Symantec Threat Management Survey found that “most enterprises are not confident in their security posture and that staffing is a major issue limiting IT security’s effectiveness.” Specifically, 46 percent of those who lack confidence cited insufficient security staff, while 45 percent pointed to a lack of time to respond to new threats.

Worldwide, 43 percent reported understaffing as a major issue. While in North America, that number is 53 percent. This is significant. There is a lack of trained and experienced information security and risk management candidates. Some estimates say that unfilled cybersecurity jobs worldwide will reach 3.5 million by 2021.

As an employer of information security-related personnel, we have hired a core team of experts and have taken active steps to identify candidates and develop expertise from within. We also work with local technical schools and higher education institutions to foster new talent in the community.

Many organizations have a need for information security and risk management in their business but do not have enough work to justify the salary of a dedicated resource. In this case, they turn to a trusted advisor to help them develop a reasonable and appropriate information security program.