Speaking at InfoSecurity 2016, the biggest infosec conference in Europe, held at London's Olympia, LinkedIn's chief information security officer Cory Scott laid out some advice for organisations that want to build out an effective security team.
Every IT department is painfully aware of just how important security is in any organisation today - we're deep down the rabbit hole compared to the early days of the computer virus. Now, security breaches are enormously damaging to your brand, and therefore to any business's shareholders, not to mention the users.
According to LinkedIn CISO Cory Scott, there are three main areas that every security team needs to focus on: talent, operational excellence, and being inclusive. Here are a few of the pointers from his talk.
Consider the law of averages
"There is way more demand than there is existing staff," Scott said. Pulling data on security professionals from LinkedIn, Scott found that in the UK there's a five-to-one ratio of active jobs to open jobs.
"You might think five to one is not so bad - think about this," Scott explained. "Imagine you have an infosec team that's five people. You use the law of averages. Maybe there's one person who is a superstar. You've got three people doing a good job, and one person who is maybe struggling and not meeting expectations. That's a standard bell curve for almost any organisation.
"Now imagine you're trying to retain your talent of those five people. Guess who the headhunters are going after? That one talented person. If you're looking for new staff, guess who most likely is out there looking for a job. It's most likely the person having performance issues in their current job. All of a sudden it doesn't look so good!"
Look around you!
A great fit for your team might not be working in infosec now, but that doesn't mean they won't have the qualifications and skillset you're looking for. And they could already be working with you in the same building - say, in operations.
"Look in your existing company: network engineers and system administrators are likely to make the move to infosec," Scott said, citing data pulled from LinkedIn.
"It's really important to hook them when they're young - early in their stage of the career, rather than too late."
Listen to word of mouth
In terms of people hired from first degree connections on LinkedIn, information security is second only to computer gaming. "The number of employees that are hired from a company from their employees' first degree connections is 27.8 percent," Scott said. "That's the second most of any industry. So tapping your own networks is really important - it comes back down to figuring out who's talented and who's not.