WHY CHOOSING THE RIGHT SECURITY PERSONNEL IS EVERY BIT AS IMPORTANT AS CHOOSING THE RIGHT SECURITY TECHNOLOGY
A viewpoint from Simon Heron at Network Box
The continual success of the network security industry owes much to ever-advancing, cutting-edge technology. This technology, however, is only as effective as the security professionals who implement and run it. This means the recruitment of high-calibre security professionals is essential for any company that wishes to be protected from external and internal threats.
The problem that many security directors and CTOs are faced with is that identifying, training and retaining security personnel is a much harder task than it first appears, often proving to be a time-consuming and expensive process.
A company can expect to pay an IT security professional with the appropriate qualifications a salary in the region of £40K[1]. But by the time holiday entitlement, sick days and a growing company (with growing IT needs) are factored into the equation, one employee may not be enough.
So when it comes to securing your organisation’s network, remember that competent, qualified security staff are every bit as important as the latest software and hardware.
Identifying the right employees
As with any industry, qualifications and experience are good indicators of a candidate’s credentials for the job, especially at the early stages of recruitment.
Qualifications such as Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP) show experience in the security field – particularly the former, which takes five years to attain.
If your organisation does not already have an in-house security expert who understands the latest security standards and qualifications, then it’s a good idea to use a recruitment agency. Any agency that regularly recruits for the security industry will be able to source qualified and experienced candidates for you. However, be sure to give the agency as tight a brief as possible, outlining exactly what you’re looking for – and what you’re not looking for. This is an important stage of the screening process, and will go a long way to ensuring the candidates sent to you are as close a fit to your company as possible.
Obviously, there is a cost attached to using an agency, but this is often mitigated by being able to ensure that the skill set and experience of the interviewees is appropriate for the vacancy.
Employee retention and training
As discussed earlier, hiring a competent security professional is not a cheap business. A salary of approximately £40,000 per year may seem impressive to begin with but will only keep him or her loyal for so long, so you need to be able to offer more than just money. The security world continues to evolve at a frantic pace, so it is important that the education and training packages that you offer your security employees reflect this.
Remember, most people are ambitious and will not want to feel that they are being left behind working for a stagnant organisation; they need to feel reassured that their skill set is up to date and that they can hold their own in a dynamic industry. Obviously, it’s not just employees that gain from training; well-trained staff will be an asset to your company too.
Training is a significant ongoing expense, however, so make sure it is factored into your budget from the outset, otherwise it can prove a costly and problematic afterthought.
Despite the fast-paced nature of the security world there is no avoiding the fact that routine network security can become mundane and boring. One way of countering this is by sending employees to conferences and exhibitions, which will help keep them motivated by exposing them to the latest happenings and innovations in their industry and giving them a chance to network and share experiences with like-minded individuals. Again, this is an investment in the company as much as the employee: a well-informed employee will be able to share his or her knowledge of the latest industry developments and best practice with the whole company.
Like training, conferences and exhibitions can be expensive, so make sure you budget for them.
A lot of security work is mundane and repetitive and requires a grim determination to carry out day to day. It is the sort of work that a highly trained security expert will do, but it will demotivate them. It may be necessary to find ways of automating or outsourcing such tasks so that they are done without fail but with minimal input from the in-house security personnel.
Finally, don’t forget that when your employees are away on a training exercise or at an exhibition or conference, you will need to source – and pay for – temporary replacements.
Security continuity
Unlike the technology securing the network, the security staff manning and monitoring it will require some unforeseen time off. For example, they may become sick, or take maternity or paternity leave, or need some time away from the office on compassionate grounds – or they may even just up and leave! Whatever the reason, there are times when they will be absent. Unfortunately for you, your organisation’s network still has to be secure, so make sure you have a security continuity plan in place. For example, measures and procedures need to be put in place so that there is always more than one person who knows exactly what is happening with regard to security at any given time. Even when using a well-documented system, vital information can be lost, so it is crucial that there is continuity, irrespective of staffing issues.
In summary, security professionals are not dissimilar to security hardware and software: a significant financial outlay is followed by significant running costs. But as long as you plan and legislate accordingly, you should be in a strong position to absorb these inevitable expenses.
http://www.network-box.co.uk
Reported By: Stuart Cole