Security heads at some of the world’s largest companies have revealed how they managed to stave off the cloud skills crunch by retraining staff to fill some of the most sought-after roles in the industry.
Speaking at cyber security firm Check Point’s CPX 360 conference this week, the CISOs of media giant TikTok, and business and financial information company Euromoney Institutional Investor, said they both resorted to upskilling existing staff in order to support their move to the cloud.
Martyn Booth has held the CISO position at Euromoney for six years and said that during his time business objectives such as costs and efficiencies drove the cloud transition initially, but the company found it difficult to attract the right security talent.
Now with 70% of Euromoney’s business running in the cloud, he said specialised cloud security talent is needed and security-specific cloud skills are still scarce, years after his original search for talent.
«Having access to people that knew what they were doing was always going to be a bit of a challenge,» said Booth in a one-on-one interview with Check Point. «So, we’ve had to skill-up people quite quickly, rather than just go to market because some of those people weren’t available and then use those people to protect those environments.»
Non-technical people in the business typically think one security professional is full-purpose and can cover the full breadth of what’s required but this isn’t the case, he said.
The key to this successful internal upskilling program, he added, was having hungry staff – people within the security side of the business that wanted to learn new skills.
«We had some people that were interested in doing it, it suited me for them to do it, so it was a reciprocal arrangement, really – that they wanted to learn something new and it’s something that I needed them to know,» said Booth.
«So, we took the decision to train people internally, and those people now will probably consider themselves, and I would consider them, as cloud security experts. Before, we had a very limited ability to manage that internally.»
TikTok’s CISO, Roland Cloutier, told of a similar experience at the cloud-first media platform, and its «multi-pronged approach» to talent acquisition that covers numerous pipelines.
Such pipelines include higher education partnerships, early education, outside hires from adjacent industries such as government and the military, and internal hires – both from a security background and from wider areas of the business looking for a change in career path.
«We have to create a pipeline that’s 10 years out… and then internally, one of our focus areas, being a converged security organisation, is where do our practitioners want to go,» said Cloutier.
«Maybe you’re in risk management today, but tomorrow, you want to be leadership in the fusion centre – what does that career progression look like for you. So we spend a lot of time focusing on where our people want to go, and how that’s going to help our pipeline going forward,» he added.
«And of course, when we find super great people that are looking to join TikTok, they’re coming even potentially from other areas within the business; it’s always great to give those opportunities as well.»
Cloud security’s extreme skills shortage
The shortage of talent in the wider technology industry is well documented and has been widening for years, but the shortage is especially apparent in cloud computing – a newer technology that is still struggling to attract professionals en masse.
«It’s a fairly new technology, and it’s a complex technology, so the knowledge gaps there are huge and it means critical data is really in danger,» said Maya Horowitz, VP of research at Check Point, speaking to IT Pro.
«The ones that really are cloud experts, they are so rare that they go to work for pure cloud companies and there aren’t enough left for other organisations… definitely, we’re in shortage of cloud experts.»
The anecdotal reports are backed by research with HashiCorp figures showing more than half of IT organisations (57%) think a skills shortage is the primary challenge in cloud adoption, and nearly half (47%) said security is a top cloud inhibitor too.