Cisco recently conducted a cybersecurity survey that found “the lack of trained personnel was one of the biggest obstacles” to companies trying to create security organizations, Steve Martino, VP and CISO at Cisco Systems said.

Martino spoke with TechRepublic’s Dan Patterson about effective tactics for hiring and training the right tech talent, and how to build a security-first environment into their workplace.

Companies need to recognize they can’t build their own cybersecurity organizations. They must teach and empower the people they do have, Martino said. For example, Cisco created a 5-level program to train developers in security practices.

SEE: IT leader’s guide to Agile development (Tech Pro Research)

“We teach them how to do their work correctly,” he said.

He also stressed the importance of creating a co-teaming environment with DevSecOps. Security teams can implement and develop code that other teams can quickly use. You’re teaching people how to do things securely, and you’re giving them code to help them be more productive, he said.

Unfortunately, there isn’t a short-term quick fix for battling the tech talent shortage while trying to move a company’s security program forward. However, Martino suggests teaching IT people and training them with security programs.

In the future, when employers are building their talent strategy they should base it around:

  • What kind of talent do I already have?
  • What level of competency do I have?
  • How do I augment that?
  • How do I build it for long term?

Before hiring new tech talent, Martino says to look for people that are inquisitive, ask questions, and understand how computers and networks work.

SEE: IT leader’s guide to the threat of fileless malware (Tech Pro Research)

“People that want understand the puzzle. How it works, why it works that way– those make great security people because we’re always looking the problem from another perspective anyway,” he said.

“You don’t always need 10 year, 20 year veterans. You can bring in the young talent that is thinking differently.”

See Also: