The current manpower crisis concerns the cybersecurity sector as much as any other. However, there is a solution for organizations struggling to find specialists capable of erecting effective protection around their infrastructure: outsourcing. This has become essential in the face of the massive use of new technologies during the COVID-19 pandemic.
Competition for talent is ferocious in the information technology (IT) industry. It’s even more intense in the field of cybersecurity as a result of the growing threat of cyberattacks due to the COVID crisis. Consequently, both technology companies and those working in other economic sectors are doing everything they can to recruit professionals experienced in computer security.
“We are all fighting for the same people and the same skills, which creates inflationary pressure on wages,” notes Martin Larivière, director of human resources at NOVIPRO, a company specializing in business solutions in cybersecurity.
The pandemic has exacerbated these challenges, and more than a third of organizations have struggled to attract qualified talent (45%), retain key resources (36%) or mobilize and motivate teams (31%). (Source: Portrait of IT NOVIPRO/Léger 2022.)
Telework, which is increasingly widespread, has also complicated the situation for companies looking to encourage a sense of belonging in their teams. Keeping security specialists in a job long-term is a challenge, because when an attractive offer is made by an employer going all out to hook an expert, it can be difficult to resist. This results in a labour force that is much more mobile and higher wages being demanded for a given skill-set.
Organizations that are recruiting need to know their cybersecurity needs. "We can’t expect a company that is not in the field to provide an accurate portrait of their needs," points out NOVIPRO's Chief Information Security Officer (CISO), Dominique Derrier.
"Employers who want to find computer security experts will search for keywords in Google and add them to their job offer," he continues. “But the more keywords you put in, the more likely you are to create a profile that does not precisely meet your needs.”
As a result, organizations in sectors other than IT can end up recruiting expensive experts who are overqualified or, conversely, novices who struggle to meet expectations. By the same token, full-time resources can end up being hired in a situation where real needs demand a cybersecurity expert for only a few days per month.
In such circumstances, using an external firm specializing in cybersecurity may be the wise choice. The firm will be able to support companies in the development of an effective strategy, that is to say, to establish governance, to determine indicators and to put monitoring mechanisms in place.
Project management and punctual support are part of the services offered by such subcontractors, along with regular monitoring of the company's infrastructure to ensure that the barriers erected to keep cyber crooks at bay hold up.
"The idea is to offer the right services at the right time," summarizes Mr Derrier.
Based on his own experience, NOVIPRO's IT security manager points out that external firms employ experts who are up to date with a wide variety of market trends because they collaborate with companies from several areas of activity. External firms also seek to obtain the latest certifications and employ cutting-edge training.
“Being up-to-date and providing relevant services is what drives external resources,” says Mr Derrier. “What's more, calling on an external cybersecurity firm makes better use of limited human resources. Do you really need a whole fire crew permanently at your place? If you work in a petrochemical refinery, absolutely. Otherwise, no. The trained guys from the fire station around the corner will do perfectly. The same applies to cybersecurity needs. What do you really need, and how much is too much or too little?”