What Microsoft’s $20B investment in cybersecurity means for the talent gap
Author: Jeff Cobb, SHI Corp ASG Presales Vice President
Microsoft’s commitment to quadruple its cybersecurity spending – to $20 billion over the next 5 years – heralds a major shift in Big Tech’s strategy to keep customers safe. In the wake of the Biden Administration’s recent summit with Google, Apple, IBM, Amazon and others, it’s nothing less than a full-on commitment to address the rapidly growing risks to organizations, stakeholders, and the broader economy.
While Microsoft has said it’ll devote the bulk of the $20 billion to building out its cybersecurity offerings – as well as an additional $150 million to help U.S. government agencies upgrade their capabilities and expand their cybersecurity training partnerships – the company hasn’t provided additional details on precisely where these investments will be made. It’s still early days, though, and Microsoft is only one of many large tech firms expected to announce similar long-term cybersecurity roadmaps.
We will continue to track developments and provide comment as more details come to light, but what we do know is that it’s no secret businesses and individuals alike face unprecedented risk from cyberattacks and cybercriminals. It’s also no secret that the cybersecurity skills gap – the difference between the fast-evolving threat landscape and the skills required to keep us safe – is widening in an already highly competitive recruiting landscape. We’re also well aware of the mounting cybersecurity threats to critical infrastructure initiatives, which have led to the recent legislation provisioning for huge government spending to strengthen cybersecurity performance.
Microsoft’s pledge to cybersecurity training highlights a major concern
Some of the most damaging attacks this year involved hackers targeting employees with increasingly sophisticated phishing techniques. This underscores the most significant cybersecurity challenge facing most organizations: their people, and how well trained – or not – they are. Building a talented cybersecurity workforce and improving the security of foundational technology is now central to a set of concrete steps the government and companies like Microsoft will commit to.
Filling the cybersecurity talent pipeline has been a longtime goal for the U.S., and the Biden administration’s executive order emphasizes the increasing importance of addressing substantial cybersecurity workforce gaps.
We here at SHI face similar challenges and are making substantial efforts to develop our people and attract and retain top talent. While the skills gap exists and is a major issue, the overall recruiting landscape is very competitive. It takes more to find and attract individuals to join your team, and we have found that focusing on the following can go a long way in making recruiting efforts successful:
- An organization’s culture and core values are its foundation, and must be more than just a poster on the wall
- A consistent focus on people
- Exposing your people to tools and concepts that develop leadership qualities and teach them how to better communicate and relate to each other
- Structured personal and professional development programs
While it’s good news for security when the administration and major security software manufacturers commit to investing in cyber protection, maturity and awareness, it’s important to take a step back and focus on what this actually means to your organization – and how your people must prepare to manage tomorrow’s security-first business landscape.
Putting people and processes first and foremost
No one will ever say no to a bigger cybersecurity budget – but we must also recognize that simply throwing money and technology at a problem won’t actually solve anything, especially if that’s the only action taken. This is just as true with Microsoft’s $20 billion announcement as it is with whatever your organization may be thinking about adding to the cybersecurity budget going forward. Organizations serious about cybersecurity must adopt and foster a culture of security, and that takes more than straight currency.
People and processes can’t get left behind – as we’ve seen, this is usually the major cause of most security-related attacks and breaches. While cybersecurity is one of the most in-demand skill sets across all industries, there is a significant gap between the growing demand for cybersecurity experts and the enduring talent shortage. That disinterest likely stems from a lack of awareness of cybersecurity professions, along with limited knowledge of everything they have to offer. The fast-changing threat landscape doesn’t help, either, as cybersecurity curriculum often struggles to keep up with real-world security challenges.
How to overcome the skills gap in a highly competitive recruiting landscape
While we wait for specifics from Microsoft – and other major tech firms – around where their investments will be focused and how their cybersecurity training roadmaps will evolve as a result, there are quite a few things you can do now to attract and retain the right people in a highly competitive market, all while kickstarting the creation of next-generation cybersecurity professionals in your organization.
- Establish your key differentiation. Reflect on what your business is currently doing – or needs to start doing – to position yourself as attractive for recruitment and retention efforts. What are you doing to put yourself in a position to attract top talent and keep skilled employees on the team?
- Create and maintain the right culture. Prioritize your set of core values and communicate these to existing and future employees. A large part of these core values should be around ensuring a structured approach to personal and professional development, as talent is continuously leaving current employers due to a lack of professional development or feelings of being underutilized.
- Identify the skills gap. It’s safe to assume that most organizations are challenged with some form of skills gap, whether in cybersecurity or otherwise; it’s just a matter of identifying in what areas and why the gap might exist. For the most part, it’s due to a lack of training and career-development opportunities.
- Map out existing training opportunities to address the gap. Research existing on-demand, online or in-person training for technical cybersecurity professionals to address the skills gap, but also consider end-user training around security awareness to mitigate potential threats.
- Consider incident preparation. Organizations can facilitate incident response plans, preferably tied to your business’s larger crisis or event management program. These can be executed as tabletop exercises or even simulation environments.
For over 30 years SHI has been helping organizations implement cybersecurity training programs to enhance their security architecture and empower employees to stay vigilant on cybersecurity threats. For more in-depth knowledge on how SHI can help you ensure your people are equipped to manage bolstered efforts in security, contact us today or reach out directly to your account representative.