Startups would not hire a full time lawyer. Neither should they hire a full time Chief Information Security Officer.

CISOs can beat the infosec skills shortage. Here’s how

By Doug Drinkwater

CSO | Sep 2, 2015 6:05 AM PT

The information security skills gap may have become a huge issue for Chief Security Offices (CSOs) and Chief Information Security Officers (CISOs), but there are a number of ways InfoSec teams can work around the shortage so to protect their networks and stay ahead of the attackers.

Outsourcing staff

When people think of outsourcing, they often think of outsourcing services. A company may, for example, choose to outsource its accounting, customer management, or recruitment.

However, it’s worth noting that you can also outsource talent and this is a poignant note for an understaffed and under-skilled security industry.

Most security teams are increasingly working with penetration testers, consultants and incident response (IR) experts, but this writer knows of at least one CISO, working at a major transportation company, whose own team are formed almost entirely of experienced contractors.

This may sound extreme but there are numerous benefits to outsourcing your team. For starters, these personnel are usually heavily-experienced with years in the industry, perhaps even within specific sectors, while they can hit the ground running from day one. As a result, there’s no need to train them up and they earn lucrative salaries, so there’s little chance of them jumping ship.

Read the entire article here

Telegraph Hill Software can help you solve your infosec skills shortage with our new Virtual Chief Information Security Officer as-a-service. To learn more about VCISO and schedule a call please Contact Us.