It's not exactly a secret that there's a worldwide shortage of experienced cyber security professionals. At least one widely cited report has put the figure at over a million unfilled positions, while also noting that the problem won't be quickly solved simply by stepping up the number of cyber security college graduates.
It's a complex field in which it takes years to obtain the kind of comprehensive knowledge needed to prevent unceasing and ever-evolving cybercrime attempts. So where can this kind of talent be found today, in numbers abundant enough to stay ahead of cyber criminals?
Coveted security credentials found in the cloud
The terms "cloud provider" and "data center" are often associated with routine hosting and storage of data in physical facilities filled with humming machines and some staffers to ensure the power stays on. In reality, the top-tier data centers are staffed with senior professionals with a wealth of knowledge, thanks to continuous immersion and training in all things related to security and privacy. The level of professional expertise can range from manager to director to C-suite executive, but in an advanced provider's facility, almost all staffers will have at least a decade of experience in IT security and hold widely respected credentials.
One of the most prestigious designations is that of Certified Information Systems Security Professional, which is credentialed by the Information System Security Certification Consortium, Inc. CISSP certification is a globally recognized standard of achievement that confirms an individual's knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls for secure business environments. This is an advanced course of study for experienced professionals only – candidates must have a minimum of five years of paid full-time work experience in two of 10 security domains.
Where the healthcare privacy professionals are
With data breaches becoming a common occurrence in the healthcare industry, there's a pressing need for professionals adept not just at meeting but exceeding HIPAA security and privacy requirements. Here again, a top-tier managed cloud provider can step in. Such a provider will have a chief privacy officer on hand – an actual working one, not just a figurehead – and a team of privacy professionals.
Look for a data center that employs a CPO with the credential "Certified Information Privacy Professional in the United States (CIPP/US)" or "Certified Information Privacy Technologist (CIPT)." Both are awarded only upon completion of rigorous coursework with the International Association of Privacy Professionals.
Essential security and privacy skills
Certification can demonstrate a professional's commitment to the trade of IT security, but certain skills require day-to-day, hands-on immersion to fully master. Indeed, because cybercriminals have many methods at their disposal, today's cyber security professional must have expertise in multiple layers of security. This includes an in-depth understanding of security at the physical level, such as the need for biometric entry and badges in secure areas; security at the network, server and application levels, which includes a range of protective measures from monitoring to patching to access controls; data encryption and backup; and of course, security at the user and device levels.
Those are the basics, but there are additional areas where cyber security expertise is needed – including before a breach actually occurs. An experienced cyber security professional will know how to conduct a thorough risk assessment of an organization's IT security and privacy vulnerabilities. This is an underperformed task at most organizations, with internal IT departments simply stretched too thin. But the reality is that, if conducted, more than half of these assessments would likely reveal that a breach may have already occurred, and would allow you to prevent the next one. That's how prevalent breaches have become.
The good news is organizations don't need an internal team of security experts to breach-proof their IT assets. They can partner with a managed cloud provider that already employs such a force, and that knows how and where to quickly put this expertise to work.