Staffing In-house Cyber Security: New Irish Stats

As cyber security remains rooted firmly at the top of every company’s list of priorities and concerns, it’s tempting to hire an in-house expert with the requisite knowledge and skills to take ownership of the mammoth challenge.

 

The issue with that approach quickly becomes apparent. Security experts are in demand, they command good salaries, and they are needed 24 hours a day. Even the largest organisations struggle to resource a Security Operations Centre in-house.

 

One leading publisher on the cyber economy puts the figure of unfilled cyber security positions worldwide at a fairly unsurmountable 3.5 million[1]. Cyber Ireland just published the State of the Cyber Security Market in Ireland[2] showing the situation in the Irish economy.

 

The stats: cyber security professionals in Ireland

  • Demand in Ireland has more than trebled since 2019. There were over 6,700 unique job postings for cyber security professionals in Ireland last year, three times the 2019 volume.
  • 83% of Irish businesses expect to grow their cyber security team over the next 12 months.
  • Average salary in the cyber security industry is €75,000 – almost double the Irish median salary.

The Irish cyber skills shortage and its impact
A report by Experis Ireland (https://www.experis.ie) earlier this year found that the cybersecurity sector was more impacted by skills shortages than any other IT subsector[3]. The Cybersecurity Insights in the Irish Market report also found that successfully hiring these highly-sought after individuals only offers a temporary respite as the median tenure in this talent pool is a short 1.2 years. The impact of the skills shortage is real: one global study[4] found that a definitive 90% of cybersecurity leaders say that the skills gap has affected their ability to implement their cybersecurity strategy.

 

Further challenges

Recruitment, retention and remuneration are three primary challenges to building and staffing an in-house cyber security team. There are, I’m afraid to say even more difficulties. Cyber attacks don’t abide by a 9-5 schedule. They happen on Friday nights, Christmas Eve and Easter Sunday. It is impossible for an individual, and a huge ask of any moderate size team, to fully man a 24/7/365 service.

 

The sheer number of products, solutions and vendors in the security space continues to grow. Businesses often find themselves with a disparate collection of tools. Each solution may be valuable in itself but having multiple different platforms and management portals brings its own headaches. Their sheer number makes them difficult to:

 

  1. effectively manage
  2. monitor
  3. respond to alerts, and
  4. realise the value of the investment

 

Correct consolidation and interoperability is crucial. Many companies are still using legacy systems and applications that may not be compatible with the latest security protocols. Upgrading these systems can be costly and time-consuming. For smaller organisations, where in-house resources and expertise don’t exist then the challenge is even greater to understand what you need to implement in the first place.

 

Outsourcing a solution nIn a March 2023 publication, Gartner said security leaders must take advantage of trends, including outsourcing to security vendors, to maximise the value of security spend[5]. How did Gartner reach that conclusion? Firstly, midsize enterprises (and smaller) have limited capacity to provide comprehensive internal security operations. Secondly, managed security services can provide otherwise unattainable services like managed threat intelligence, vulnerability management, compliance audits, risk assessments and security testing.

 

Five real benefits of a managed security service

  • Improved security posture

Risk posture and security capabilities improve as companies gain access to experts and the efficacy of new and existing security solutions are exploited to maximum potential.

 

  • Release in-house resources

A managed security service reduces the need for specialised skills in-house and frees existing IT resources to focus on strategic projects rather than constantly responding to alerts.

  • Lower total cost of ownership

On top of removing the wage bill and the cost of the recruitment cycle, outsourcing will reveal operational efficiencies and potential license or subscription consolidation. Costs in an outsourced model are also more predictable which helps forecasting and budgeting.

  • Simplified administration

Integrating security tools and controls unlocks more capabilities without adding more vendors, procurement, contracts, support and maintenance costs.

  • Compliance support

As well as helping your organisation actually achieve compliance in an increasingly regulated landscape, a managed security service supplier can also help to demonstrate that compliance to the relevant regulatory body. That may take the shape of testing, data compilation and reporting.

In my experience, working with a managed solution (such as Viatel Managed Security) is the most effective and realistic option for all but the very largest of organisations. While no vendor or MSSP (Managed Security Service Provider) can offer a silver bullet solution, the improved posture and sheer peace of mind that results from such a partnership is invaluable.

 

Niall Tuohy is Security Product Manager with Viatel Technology Group overseeing Viatel Managed Security solutions (Viatel.com/security). Niall joined Viatel from Vodafone Ireland where he spent almost twenty years, most recently as Senior Security Portfolio Product Manager. To talk security with Niall, you can reach out directly on niall.tuohy@viatel.com.

 

[1] https://cybersecurityventures.com/jobs/ n[2] https://cyberireland.ie/wp-content/uploads/2023/09/Cyber-Labour-Market-Report-2023.pdf n[3] https://experis-ie.staging.krakatoa.eu-2.volcanic.cloud/rails/active_storage/blobs/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBekFNUXc9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==–6b3f8527329685812f672fad9db7d378be01999a/Experis%20Cybersecurity%20Market%20Analysis%20-%20July%202023%20Final.pdf?hsCtaTracking=2d9ede28-79e8-4cc9-9f7f-24f5fe533616%7Ca7dfdcc8-ff51-47f2-be5a-91989a8a2a2b n[4] https://www.hays.ie/market-insights/global-cyber-security-reportn[5] Gauthier, Albert “Quick Answer: How Can Midsize Enterprises Benefit From Security Vendor Consolidation?” Published 3 March 2023