Craig discusses Why you need to try to keep your Cybersecurity Talent and what it can cost you if you lose them.
For more tech tips, news, and updates visit – CraigPeterson.com
Automated Machine-Generated Transcript:
Craig Peterson: [00:00:00] Let’s see there’s Sue. There is Guy. There are Mary and a couple of other people. I can’t remember everyone’s names right now, but they are all listeners to the show and they have all changed careers. Here’s what’s going on.
Hey, if you enjoy my show here on WGAN and firstname.lastname@example.org, you might want to think about a career in cybersecurity. Now, there are a lot of people who have already started that whole career path, who can start pretty simply. And it’s really one of these careers as Guy had told me that you feel like an imposter, right? Imposter syndrome. Runs rampant, particularly when you’re first starting.
I’ve been doing cybersecurity for many decades now. And I can tell you, I still feel like an imposter at times, so it’s pretty normal, but there are a lot of jobs out there in the cybersecurity career path that is open right now. Everything from just starting out, just barely, Hey, I am a brand new guy, gal, and I want to do cybersecurity all the way on, up through CISOs, and all of that sort of stuff.
So you might know already, my company is a managed security services provider. That’s what we specialize in. We’re not a company that goes out and tweaks your computer so that, a hard drive that’s failing, just doesn’t fail anymore. Although we do that for some of our customers.
We emphasize and focus on cybersecurity. We’re looking at some of these stats we’re seeing anywhere from a half-familiar and open jobs in 2020 in cybersecurity, all the way on, up through one and a half million open jobs. And I’ve seen estimates as high as two and a half to 3 million people needed brand new people never been in cybersecurity before. Two and a half to 3 million new people here in the US that will be needed in cybersecurity by 2025. So a half a million right now, that ain’t bad is it.
Now I want to warn everybody that is in business and is looking for a cybersecurity person that you do need to have at least one person who is extremely well versed in cybersecurity and that means they’ve got to have a minimum of five years on the job, cybersecurity experience. The future of your enterprise is entirely dependent on them believe it or not. There are so many businesses that are being hacked one way or the other, and you cannot skimp on this. Can’t skimp on it at all.
I’m looking at it web page that just bothers me. This is a story here from the Freelance Star in Fredericksburg, Maryland, and this is September 7th, 2020. Stafford based cyber bytes foundation to offer a one-week cybersecurity certification course. Yeah. So if you live there in Maryland, back there by Joe Biden, wherever he lives now, and you want to be a cybersecurity professional, all you have to do is take this one-week certificate course and you too can be a cybersecurity expert, right?
They’re saying in this article that if considering a career in cybersecurity, you will be one week away from certification will prepare you for an entry-level position in the field. I’ve thought for a long time, I should be teaching some courses to people who want to really understand cybersecurity.
Cause I can bet you anything that the poor people that are teaching this course are not true experts. I can also guarantee you that after having a whole week of experience in the classroom, you’re not fit to do much in the cybersecurity business. You can probably turn on a computer and follow some basic instructions. That’s it?
I’m thinking about these people that are listeners to the show that have gone into cybersecurity. Most of them have done about six months didn’t give or take in cybersecurity courses and they come out and really in six months of just intensive, all you’re doing a cybersecurity training.
You realize that you don’t know enough. Okay. But at least they realize that after one week. I’m not sure people realize that they really don’t know what they’re doing. This is starting out here in two initial courses is gonna prepare you for the CompTIA security plus exam that tells you just how extensive that exam isn’t.
Of course, there’s a cost just under a thousand dollars. They’re approved and certified by the state council of higher education.
It’s just, wow. Wow, incredible.
So I brought all of that up because. This article that I have up on my website and was in this week’s newsletter is talking about the hidden costs of losing security talent.
We’ve got to be careful as business people because we are losing talent. We’re not respecting them. We’re not paying them enough or we’re giving them too much to do. Too many businesses look at cybersecurity as a cost center. They don’t realize that it’s not just a cost center. It’s critical. It’s essential for their business.
And if they market correctly, frankly, It is a big plus on the marketing and sales side. How many of your competitors we’re actually doing what they should be doing? So the cybersecurity talent is going to cost you money. You’ve got to provide them with the training you, my guys, my cybersecurity people spend about a third of their time, a third one-third of their time, not being productive, but actually attending courses, doing red team blue team exercises.
Okay, this is not something you can really skimp on. In fact, you cannot do it yourself. I have seen the hard numbers. You cannot do cybersecurity as a business with less than about 500 employees. Can’t do it adequately. You just can’t. You can’t get the right people. They don’t have the right training. They can’t afford to do what they need to do. Okay.
So keep that in mind. Now you can have a managed security services company come in. Be careful, make sure they don’t just have the one week certificate or the CompTIA security plus make sure they know what they’re doing.
But replacing an experienced security analyst where they’re looking for an annual salary of a hundred thousand dollars, that’s just salary plus load on top of that. And remember, 30% of the time, a third of the time they are going to be in class if they’re doing things right. When they leave that company, it typically takes eight months to replace them and almost four months to train a replacement. So that’s about a year. A full year of lost productivity. It’s always possible that your company could lose a second person during that time as well. So be very careful, a bad hire. According to the US department of labor is going to cost at least 30% of the employees.
First-year earnings for a security analyst, frankly, we’re talking about costing you 50 to a hundred thousand. If you don’t get hacked, in the interim. At which point you could lose the whole business. It’s very big. It’s a very big problem. So keep in mind everybody, when you’re looking at this, first of all, I think it’s a great career path.
If you like a challenge. If you like things that are different. If you are not really big into just messing around but you really want to learn things and do things. Cybersecurity, I think is a great way to go, but it’s continual learning.
You’ve got to keep on top of this. It is more than a full-time job.
All right. When we get back, we are going to hit a couple more articles from my newsletter week and, that’s kinda it. I think this week’s show.
So you’ll find me online, of course, Craig peterson.com. You’re listening to me on WGAN. We’ll be back on Wednesday morning. I am every Wednesday during drive time with Matt Gagnon.
We have little fun with this, and we’re going to be talking about cybersecurity on your back to school lists and tips for triaging risks. If your credentials are exposed, I’m going to give you a website that you have to go to see if your data has been stolen and leaked on the dark web. I’ll give you that URL and a whole lot more when we get back.
So stick around, we’ll be right back.
More stories and tech updates at:
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: