Can contractors fill the cyber security skills gap?
5 MINUTE READ
Over the past two decades hiring processes in the security industry have changed dramatically: from traditional in-house methods to the heavily outsourced models of today. This change of approach was driven in large part by the increasingly specialised demands of a continuously evolving cyber security landscape.
Currently, many companies are turning to temporary contract workers in an effort to address the growing cyber security skills gap.
Not everyone is cut out for contract work. It demands an entrepreneurial mindset, thick skin, a strong network of contacts, and perseverance. Furthermore, contract workers have a lot more administrative work and secondary duties to stay on top of compared to their full-time counterparts e.g. legal, accounting, transportation, insurance etc.
While contract work is not ideal for those seeking a steady income, many cyber security professionals are forced to freelance due to the widespread outsourcing of work to third parties.
However, others are happy to take on contract work as it offers some unique benefits and opportunities. Those with years of experience working in cyber security may view freelancing as a way for them to provide and deliver experience and insights to companies that sorely need them.
In contrast, contract roles can also benefit fresh graduates seeking to gain a foothold within the security industry. For those in the middle of their careers, contract work can be attractive as it offers a greater degree of job flexibility.
A paradigm shift in the hiring process
The modern gig economy arose out of new digital platforms that leveraged underutilised assets. Pioneers in this space such as Uber and Airbnb are tapping into underutilised human assets through cloud tech.
Given the overwhelming success of such companies, many others were keen to suit. Forward thinking companies made an early start on their digital transformation projects, giving customers and clients easy access to a wide variety of choices via intuitive mobile apps. In this way, the gig economy evolved from a business-to-consumer (B2C) to a business-to-business (B2B) industry.
Many companies are now in the middle of a paradigm shift from a traditional structured employee career path to a temporary on-demand model. This new model helps to lower costs but it also heats up the competition for talent in the job market. Even C-level roles are not exempt. Many Chief Information Security Officers (CISO) are now being brought in on temporary contracts.
These positions normally open up up within small-to-medium sized companies that don’t have the internal expertise to adjust the executive staffing requirements on an interim basis. Contract CISO’s are typically brought in to overhaul existing security systems so that they offer protection against the latest threats. They also tend to take on responsibility for drawing up a road map which plots the future direction and aims of the security programme.
Interestingly, the gig economy mindset also exists internally in many organisations. CISOs are beginning to look to other internal departments in order to fill open positions. For instance, a network or application engineer may want to gain additional experience by participating in a security project.
According to a report published by The Association of Independent Professionals and the Self Employed freelancers in the UK contributed £119 billion to the economy in 2016. This figure was £10 billion more that the contribution in 2015.
Security leaders must be willing to tap into this growing workforce in order to fill the expanding cyber security skills gap.
Advantages of hiring contract security professionals
The first and most obvious benefit if that employers do not need to pay tax or insurance. Almost all contractors oversee their own insurance and provide their own equipment.
Furthermore, freelancers cut down on time-consuming on-boarding and training processes. As they already have significant experience, they are able to hit the ground running to deliver the skills necessary to complete the project at hand. In some cases, contractors are versatile enough to help with other ongoing projects in the organisation.
As they are only there on a short-term basis, there is no need to go through the tricky process of screening employees for cultural fit.
Finally it’s worth keeping in mind that as they are not a full time employee, contractors have a vested interest to outperform expectations. Their ability to secure other contracts in the future depends on their past performance. So in this regard, they are usually highly motivated to meet clients expectations and needs.
Closing the security skills gap
Despite the benefits listed above, companies need to be mindful of the fact that the transient nature of contract work could potentially introduce new security concerns. Freelancers often use their own equipment and mobile devices, which could introduce threats into the business environment. But the same is also true for full-time employees working remotely or from personal devices. Security consultants who are responsible for protecting their own data are more likely to advocate and follow security best practices.
Today’s gig economy represents one of the best opportunities for security leaders to close the cyber security skills gap.
Many seasoned freelance consultants see themselves as part of the businesses with which they work and identify with the values of those companies. Given years of past experience they are capable of blending seamlessly into a wide variety of workplace cultures, working in tandem with full-time employees to best serve the organisation’s security needs.