Evaluate the complexity of your operations and the speed with which actions need to be executed.
Consider surge capacity needs and whether advanced technologies can help reduce the attack surface.
Identify your workforce requirements.
Consider the competency, flexibility, and agility of the cybersecurity workforce in your organization.
Identify ideal reporting structures and highlight where multi-functionality is preferable.
Define the required knowledge, skills, abilities, and competency of your workforce based on the roles they occupy and the business functions they support.
Identify critical gaps in your organization’s existing cybersecurity workforce.
Employ existing tools such as the NICE framework to guide internal assessments of roles and responsibilities.
Improving External Recruitment
Strengthen job postings by writing clear, internally consistent job descriptions.
Use existing tools such as the NICE framework to highlight relevant skill sets.
Gather data on recruitment through the application process, capturing types of applicants and previous work experiences.
Systematize data collection and share throughout company to prevent silo formation and support talent sourcing and development.
Evaluate recruitment data periodically to identify gaps in outreach.
Rely on multiple indicators to assess candidate potential.