Can’t find cybersecurity talent? Train your own
Symantec CEO Michael Brown recently predicted a worldwide shortfall of 1.5 million cybersecurity professionals by 2019.
Some universities like Drexel are offering degrees in information security, but that won’t fill the pipeline fast enough. In the meantime, the Googles and Amazons of the world are starting to lure cybersecurity professionals from the healthcare sector. But instead of getting locked into a costly bidding war, here’s a smarter move: train your own security gurus from within.
There are plenty of health IT professionals with expertise in revenue cycle management, EHR optimization and networking – and many of them are itching to get into information security. They’ve read the U.S. News and World Report study that estimates that the cybersecurity job market will grow by 36.5 percent annually over the next seven years.
Your existing IT staffers can begin transitioning to information security by taking advantage of many excellent online resources. Some of these introductory training sites also provide Continuing Professional Education (CPE) credits required by most technical societies. They’re also a great resource for C-suite executives who want to learn the basics of information risk management so they can develop strategies for avoiding costly data breaches.
Once your staff members have gone through “Data Breach 101”, you’ll be better able to steer them to advanced certifications like CRISC and CISSP.
Here’s a roundup of some of the most accessible yet information-packed online resources:
- Many security newcomers don’t thoroughly understand what their companies are legally required to do following a data breach. The Department of Justice has published an excellent introductory resource called “Best Practices for Victim Response and Reporting Of Cyber Incidents” which (despite its title) contains useful tips on how to prevent breaches, plus a detailed summary of steps to take after a breach has occurred. This document covers many of the basic tenets of sound information risk management: take preventive measures before a cyber-intrusion, identify the organization’s most critical information assets (e.g., intellectual property, sensitive customer data), and have an actionable response plan in place before a breach takes place. The DOJ document also details what to do in the aftermath of a breach: make a forensic image of all affected computers, make formal notification (both internally and externally), and much more. There’s even a handy list of things not to do following a data breach.
- ISACA (formerly the Information Systems Audit and Control Association) hosts a CyberSecurity Nexus webinar series – an hour-long monthly presentation that sheds light on timely and practical cybersecurity topics.
- FireEye’s CyberSecurity Fundamentals series drills deeper into chilling topics like “Anatomy Of A Cyber Attack” and “Cost Of A Data Breach.”
- Lumension publishes an array of e-books like “IT Pro’s Guide To Safe Social Media.” These booklets emphasize that data security is a company-wide issue – too important to get handed off solely to the IT or compliance department.
- For wide-ranging educational content on information risk management and HIPAA/HITECH issues, try the online resources from Clearwater Compliance, which include free weekly webinars, an on-demand video library, a rigorous HIPAA Compliance Program BootCamp, HCISPP education, courses for CPE credit, white papers and more.
- BrightTALK features webcasts from many of the leading lights in information risk management and data security. The organization was founded in 2002 by Silicon Valley tech leaders.
You don’t have to look outside your own organization to find potential cybersecurity stars. With introductory resources like these, you can turn your current staff members into the CISOs of tomorrow.