What Nobody Has Ever Told You About Compliance Automation
August 28, 2022

With the cyber workforce shortage being top of mind for so many right now, we sat down with our own Brian Hajost, Founder and COO, to ask him about his thoughts on this concern, and here’s what resulted.


The hidden staffing benefits of compliance automation.

The path to learning a professional craft has always been complicated, from manufacturing to cybersecurity. Traditionally, you might go through an apprenticeship program or learn from a master. Then you’d get poached by another company happy to pay more for already-trained specialists. And the workforce shortage continues with the supply of high-priced specialists not meeting the demand.

When it comes to government cybersecurity, the path is even more arduous. You could get a master’s degree in cybersecurity and still not know how to STIG. There are no trade schools to introduce you to the craft, either. The only way to learn is to work alongside an expert, passing the knowledge down from generation to generation. And anyone who has ever STIGged before will tell you that it’s a long process to learn a crappy job that you will likely leave after a few years because it has sucked out every drop of life left in your soul.

There is a way out, however, with automation. For example, you may know that you can use automation to scan and remediate STIG, CIS, and CMMC controls, thereby removing the tedious aspects of manual STIGging. Better yet, automation solutions like SteelCloud’s ConfigOS cut weeks and months of manual work down to about an hour, speeding you to authority to operate (ATO) and strengthening security.

But there are other, more big-picture aspects to automation that you may not have considered. For example, it’s not just about robots doing the undesired work of humans. Instead, it’s a way to shift your reskilling and recruiting processes so you can solve the cyber workforce issue for your organization for good.

Rethink the way you reskill your workforce.

Traditionally, we reskill a workforce with training and mentoring. It takes time and effort. It generally takes 3-5 years for a cyber worker to become proficient. But even finding someone to train to STIG is difficult because you want some experience. With a deficit of 714K cyber workers, the industry has a 0% employment rate. So finding someone game to learn the work of compliance security is difficult. And it’s also challenging and expensive to have one of your experienced employees’ productivity compromised by having to train the new guy.

Automation can change all that. Instead of training recruits to STIG, you train them to operate a robot. With ConfigOS, we have seen low-level cybersecurity workers then train themselves on the intricacies of STIG/CIS/CMMC compliance, remediating controls, and the next steps just by operating the software. They become STIG ninjas in about a month. Then, if they ever go back to manual STIGging, they are better off having worked with automation. They know the process. They have seen the use cases. They understand the fixes.

Change the way you recruit and use your resources.

As things stand now, if you need more resources for compliance, you pay a hefty price to get them. With job vacancies at an all-time high, it’s a job seeker’s market. Most recent college graduates don’t want to start their careers with this kind of work. And experienced workers are in top demand. So, the most challenging job you can give your recruiters is looking for someone with compliance experience who wants to work for you.

Automate the compliance work, however, and now you can recruit lower-level employees with fewer skills to work at lower wages—not to do the grunt work, but to operate the automation software while working on other priorities. So, instead of a repetitive, mind-numbing job manually STIGging, they have an exciting job learning new things and doing various cybersecurity work.

Need a whole team of STIGgers? Just wash, rinse, and repeat to clone your capabilities. Compliance automation makes your cybersecurity team infinitely scalable because the robots doing the work can take on virtually any number of security controls during their 24/7/365 shifts. They won’t complain. They won’t make demands. And they don’t make mistakes.

In short, automation can cause you to fundamentally rethink how and whom you recruit for these cybersecurity positions. And it can help your recruiters shift from “this %&$#@ workforce shortage!” to “what workforce shortage?” with just a simple install of compliance automation software.

Addressing the cyber workforce shortage with automation changes EVERYTHING.

Automation doesn’t replace the work people value. Instead, it addresses the work people don’t want to do: exacting, tedious work with consistent rules. Automation creates a balance where machines do what they do best, and humans do what they do best. And that, in turn, gives you the bandwidth and budget to get more done.

If you think of STIG work as friction, you’ll see how manual STIGging adds friction to the compliance process. Automation’s job is to reduce that friction. Once reduced, your team can get ahead on their accreditation work. They can be patching and testing. They can be deploying applications, managing cloud migrations, being more proactive about risk management, and removing the bottlenecks between you and your security vision.

With a growing cyber workforce shortage, inflation, and record numbers of Baby Boomers retiring, something’s got to give. Compliance automation neutralizes those issues and allows you to rethink your reskilling and recruiting strategies for a more prosperous and sustainable pipeline of cybersecurity professionals. To learn more about the hidden benefits of automation, schedule a free demo of ConfigOS today.

To learn more or connect with Brian, click here or LinkedIn.
