Cyber security skills shortage
Software is swallowing up the word… technology is taking over… AI, Machine Learning… all statements and phrases that don’t go well with
‘skills shortage in cyber security’
Not just cyber security, but many critical services and professional areas are suffering from a severe shortage due to the pace of technology and changes in generations.
One area in particular that I believe will take a significant hit is the ‘governance, risk and compliance, GRC area of security as unfortunately it doesn’t quite have the bells and whistles with the Security Operations / Cyber security roles.
So what can we do to fix it?
Option 1 is to make the GRC field more accessible, interesting and exciting to younger generations and to help pull in new talent,
Option 2 follows suit of many fields today, and that’s to automate the boring stuff to let humans do what they do best.
Why I am going with option 2..
Having worked in the security field for years and carrying out the same repetitive tasks whilst charging quite significant day rates for such a service, I’ve come across numerous companies who would like to up their game in the security and compliance space but simply cannot afford to pay thousands for the privilege.
So I’ve taken the time to analyse my day to day roles and put a large chunk of this down on paper to realise that an awful lot of my job is question and answer, for example;
Do you have firewalls in place between your internal network and the internet? Have you encrypted your databases that contain sensitive data? and so on..
Now there will always be instances where the human side is needed, such as when there is a particularly complex risk that needs explaining, but 95% of the time, it is question and answer that can be recorded, indexed and automated
But chat-bots and software is a pain and people like to talk to people
This is the case quite frequently where customers want traditional consultancy, the ability to have a report from an individual that has some level of accountability and responsibility.
For those customers, I’ve decided to keep open the traditional consultancy stance to ensure that customers are catered for, but quite often with the right conversation they are happy to switch over to a software product.
Offering the product as a supporting tool to their traditional consultancy has helped to understand their needs better.
Lets build something then
I’ll be updating the blogs with the steps of how a micro-SaaS business was built from a simple question and answer rule-set and what customers have thought.