Killing the Skills-Gap (from the inside and out)!

OVERVIEW

News headlines, Reddit posts, LinkedIn articles, and even internal corporate conversations everywhere often touch on a very common, and unfortunately, ongoing problem –  the skills-gap. It’s the reality that organically comes with the ever-evolving tech space: new technology breeds new threats, requiring new tools (or updated ones), thus introducing a new need for your InfoSec team: practical skills.

The impact of this “everywhere-at-once” issue ranges from increased risk due to uncoordinated response to plain old burnout among even some of the most determined individuals in the field. Several proposed solutions exist to combat skills-gaps, yet I believe event most Skill Ranges, Certifications, and Higher Education courses can become futile without proper planning stemmed from a simple question: “how exactly will this help us?”

My tested theory is that skills development, as a continuous endeavor for any team, requires its own lifecycle. One that acts as the bridge to an organization’s security needs and requirements, broken down and then defined by its applicability for said business. Its steps include identify, breakdown, hypothesize, align, research, assess, and practice (and will be presented as a framework with a template as a takeaway).

By incorporating this developed lifecycle, Leaders and Managers alike can create a tangible program to significantly reduce most any learning curve. Tested disciplines include Detection Engineering and Automation, Incident Response (all phases), Documentation, and Public Speaking.

The benefit for audience members is to walk away with a more scientific approach to handling their own skills gaps with a newly obtained conceptual approach that I am confident has universal results for almost any InfoSec skill gap.