The Future of Work in Cybersecurity | Deloitte US has been saved
Authors: Tara Mahoutchian and Mike McLaughlin
Contributors: Jerry Peruchini and Rozi Xu
Leading organizations are re-architecting work to drive outcomes that identify the problems of the future and modernize their approach to building teams. For CISOs, what does it mean to reimagine the future of work in cybersecurity? To find an answer, we propose a focus on the work, workforce, and workplace paradigm.
The work: Consider everything from value flows and organizational capabilities to work outcomes. For many organizations, that might mean investing in AI to accelerate operations and explore ways to unlock new value across the human-machine spectrum for key work outcomes. In cybersecurity, the exponentially complex IoT environment, rapid rise of social-engineering attacks, and broadened attack landscape due to remote work, must be tackled differently than the phishing or malware threats of the past.
The workforce: Consider skills and human capabilities, as well as talent access and development. Future-proofing your workforce isn’t as simple as launching a learning campaign to upskill employees. Deploying next-generation career ladders that flex with your employees’ needs and geographies is a critical part of retaining top talent. The modern workforce expects this kind of mobility and the opportunity to grow their careers within an organization. Enhancing the employee value proposition creates an irresistible talent experience for employees, while also providing leaders with a more stable pipeline of internal talent to meet evolving organizational needs. Cultivating employees by helping them grow their careers is as important as rearchitecting the work itself–-both are essential to stem the Great Resignation and develop leading-edge, proactive mitigation strategies to today’s cyber challenges from inside your four (virtual) walls.
The workplace: Consider workplace locations (virtual and on-campus), design, culture, policies, and programs. Organizations are now identifying market trends to create a talent-centric workplace that supports community-building, agility, and worldwide cross-functional collaboration.
CISOs should consider three critical perspectives as they shape their work, workforce and workplace:
1. Redistribute work: Leverage automation to re-architect work and further embed security and privacy into cross-business operations. This includes determining where (in the office or virtual) tasks should be performed to maximize ROI and which tasks may be candidates for automation. Not all roles, even in cybersecurity, need to take place on a physical campus anymore. If you find that employees’ skills don’t match the work they are responsible for, strike a balance between reskilling, hiring externally, and cultivating an environment where exploration and career mobility are part of the culture.
2. Make security and privacy marketable: Aligning an organization’s brand to data protection and threat mitigation is a strong marketing position. Customers want to know how a product or service supports their right to security and privacy. Communicating that hardware and software prevent hacking and protect them online is an important differentiator and can also enhance how prospective employees view a career with the organization.
3. Shift to cloud platforms and agile methodologies: Legacy product support, particularly in the security space, can make it difficult to define a fully “cloud-enabled workforce.” In some cases, moving to the cloud can change cybersecurity threats to an organization. Without an innovative, forward-looking workforce to support the shift, moving to the cloud can mean added risk.
Our Near-Term Suggestions:
When employees from all functions understand the importance and relevance of cybersecurity and privacy everywhere—and they are incentivized to support it as part of their individual work outcomes—the organization’s overall security posture is strengthened.
- Reimagine open work: Identify ways to effectively work across global time zones and on collaboration platforms; consider limiting the number of people who are designated as “on-site only” by leveraging virtual technology.
- Develop internal tech talent ecosystems: Provide a holistic approach to managing security and privacy risk by using automation to mitigate the skills gap in the current workforce while enhancing core talent strategies. Think beyond a standard skills assessment and gap analysis to approach hiring, training, retaining, and outsourcing high-value skills. Leverage partnerships for tier 1-2 support to keep your FTEs focused on high-value work when possible.
- Educate other executives: Bring the concept of open work and internal cybersecurity talent development to the rest of the C-Suite, this provides a chance to modernize dated thinking around the role and operation of security within organizations.
Connect with us to discuss your critical goals in the coming year.
Authors
Contributor
