Cybersecurity With a Mix of Challenges

By Crystal Pitts, Chief Information Security Officer, North Carolina Department of Commerce, Division of Employment Security

Cybersecurity is a hot topic for a good reason that is not going away. Cybersecurity teams are continuing to defend their environment against threats that never stop and are increasing. At a time when ransomware can be bought prepacked and ready to use by someone with minimal technical skills, along with customer service provided if needed, it is crucial to have a highly functional and collaborative team.

With hiring, retention challenges and a shortage of skilled individuals, we have to think outside the box to build the right team.

Grow up and within…

Look into college and high school intern programs or start one yourself. I have found that students interested in cyber security are eager and excited to learn and step up to help wherever they can. In a field where there is always more work to be done, another set of hands can help move tasks along and gradually the intern gains skills to become an asset to the team.

Another opportunity is through programs for people that want to learn a new field, such as military veterans. I have partnered with a program for military veterans and their families that is aimed to place people with a desire to learn cybersecurity in teams that can provide on the job training. In addition, to on-the-job training, the program provides training and certification opportunities. The combination of ethics and determination of veterans is a great fit for cybersecurity teams, and when combined with on-the-job training and continuing education, it’s a win/win for everyone involved.

Cybersecurity is part of everyone’s job, but you may have internal staff that comes from other areas of IT or even outside of IT that desire to have cybersecurity as the focus of their daily job. In addition, identifying these people requires management to be willing to allow their staff person to be matrixed to a cybersecurity team while they split their hours with the current job duties. This is why, I’m where I am today. I expressed a desire to learn and be part of an enterprise security team while being in an enterprise application support team. I was fully supported by managers from both teams and eventually moved to the enterprise security team full time.

Most security teams never have the desired number of team members to match the increasing day to day threat. This makes collaboration, communication and trust must-have priorities within the security team, other IT teams, and the business. My team is constantly communicating and sharing info but even more important, they support and trust each other. They have also built relationships with other IT teams and business staff that shows through positive feedback and accomplishments.

it is also important to provide awareness training and partner with business staff, so the agency has more eyes and ears trained to detect and report threats. Building the trust and confidence with the business opens the door to communication from across the agency and prevents staff from being hesitate to report potential issues to the security team.

Over the last four years, we have gone from not having a security team to growing a highly skilled and motivated team to support multiple security products, processes, and projects. This growth and progress would not have been possible without our CIO, Raju Gadiraju and our executive team’s support.