Top 7 Strategies for Overcoming IT Talent Shortages

DESCRIPTION

Top 7 Strategies for Overcoming IT Talent Shortages. Learn from Cenzic's Chris Harget as he describes the top strategies for maximizing the security effectiveness of current staff and resources. Specifically, you'll learn:
- Symptoms you are short-handed
- Key indicators for which strategy will maximize value from existing staff and resources
- Creative tips for convincing your organization to make changes
The current market environment makes finding, training and retaining the right IT employees challenging. Challenges or not, you can gain the skills to protect your organization from excessive security risk. This presentation is a great place to start.

TRANSCRIPT
Cenzic Live! Webinar: Top 7 Strategies For Overcoming IT Security Talent Shortages
Chris Harget - Product Marketing
Agenda
Symptoms
Strategies
Finding The Win
2 Cenzic, Inc. - Confidential, All Rights Reserved.
Symptoms Of IT Security Talent Shortage
Know The Signs
Incomplete picture of security posture
Backlog of untested applications
Slow remediation when app vulnerabilities discovered
Things done wrong/done twice
Too many long shifts
Open reqs, hiring freezes, “irreplaceable” departures
No vulnerability monitoring of production apps
Data Breaches
The Need Is Significant
[Chart] Source: Cenzic Application Vulnerability Trends Report 2013
Mobile App Vulnerability Types - 2012
[Chart] Source: Cenzic Application Vulnerability Trends Report 2013
Benchmarks For IT Security Staffing…
…Are Really Hard To Come By.
How many security analysts/100 apps?
That depends on:
– Size of apps
– Depth of scan desired
– Coding practices
– Scanning frequency
– Quality of scanning tools
– Division of labor with QA/Dev/Production/GRC
Know Your Specific Shortage
Not enough bodies
Not enough time
Not enough skills
Not enough tools
7.2 Strategies For Overcoming IT Security Talent Shortage
Bodies: Finding/Hiring/Renting
Job titles include:
– Application Security Analyst/Architect
– Penetration Tester
– Application Security Engineer/Tester/Specialist
– Ethical Hacker
If you can’t hire locally, consider managed services
– May be easier/faster than getting increased headcount
– Helps jump-start process
Time: Prioritize, Specialize, Automate
Prioritize
– Are you mitigating the biggest risks first?
Specialize
– What tasks are best done by your team?
– e.g., Remediation, Management
– What tasks can be offloaded?
– e.g., Dev trains app traversals or Managed Service runs scans
Automate
– Leverage Enterprise-grade tools
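The "Prioritize" question above (are you mitigating the biggest risks first?) is easiest to answer when the backlog is ranked by a quantified score rather than by arrival order. The following is an added example, not code from the original webinar and not Cenzic's HARM scoring: the severity weights, the exposure/data/exploitability multipliers, the SLA windows and the sample findings are all illustrative assumptions.

```python
"""Rank an application-security findings backlog so the biggest risks are fixed first.

Added example. The weights, SLAs and sample findings below are illustrative
assumptions, not any vendor's scoring model or real scan output.
"""
from dataclasses import dataclass
from datetime import date

# Assumed severity weights (roughly CVSS-band spacing) and remediation SLAs in days.
SEVERITY_WEIGHT = {"critical": 10.0, "high": 7.0, "medium": 4.0, "low": 1.0}
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Finding:
    app: str
    title: str
    severity: str            # critical / high / medium / low
    internet_facing: bool    # reachable by anonymous attackers
    handles_user_data: bool  # PII, payment or health data in scope
    exploit_known: bool      # public exploit or scanner-confirmed exploitable
    opened: date


def risk_score(f: Finding) -> float:
    """Severity weight scaled by exposure, data sensitivity and exploitability."""
    score = SEVERITY_WEIGHT[f.severity]
    score *= 2.0 if f.internet_facing else 1.0
    score *= 1.5 if f.handles_user_data else 1.0
    score *= 1.5 if f.exploit_known else 1.0
    return score


def days_overdue(f: Finding, today: date) -> int:
    """Days past the SLA for the finding's severity; zero while still inside SLA."""
    age = (today - f.opened).days
    return max(0, age - SLA_DAYS[f.severity])


def prioritize(findings, today):
    """Findings sorted so the highest risk, then the most overdue, come first."""
    return sorted(findings,
                  key=lambda f: (risk_score(f), days_overdue(f, today)),
                  reverse=True)


def sla_breaches(findings, today):
    """Findings that have already blown their remediation SLA."""
    return [f for f in findings if days_overdue(f, today) > 0]


# Constructed sample backlog (not real scan output).
SAMPLE = [
    Finding("payments-web", "SQL injection in search", "critical", True, True, True, date(2013, 5, 1)),
    Finding("intranet-wiki", "Reflected XSS", "high", False, False, False, date(2013, 4, 1)),
    Finding("marketing-site", "Missing security headers", "low", True, False, False, date(2012, 12, 1)),
    Finding("customer-portal", "Session fixation", "high", True, True, False, date(2013, 5, 20)),
]
TODAY = date(2013, 6, 1)

if __name__ == "__main__":
    for f in prioritize(SAMPLE, TODAY):
        print(f"{risk_score(f):6.1f}  overdue={days_overdue(f, TODAY):3d}  {f.app}: {f.title}")
```

With the sample data the internet-facing SQL injection on the payments app ranks first (score 45.0) even though the intranet XSS has been open longer; the overdue list is what you hand to management when arguing for reallocated people, the score is what you hand to developers when arguing about what to fix this sprint.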
Talent/Skills: Train, Borrow, Rent
Train
– How to scan, coding best practices, how to manage
Borrow
– Get Developers for app training & Remediation
– Get QA for re-running scans
Rent
– Managed Services can augment specialized tasks
Tools: Quality and Quantity
Quality
– More accurate scanners improve security and save time
– Quantified app risk scores enable optimal risk mitigation
– Enterprise dashboard shows total risk and trends
Quantity
– Web-based app-training tool goes everywhere needed
– Having enough seats for each Analyst, Developer, QA, GRC, and Executive leverages whole organization
Top 7 Strategies
1. Hire
2. Prioritize
3. Specialize
4. Automate
5. Train
6. Borrow
7. Rent
8. Quality/Quantity
Finding The Win
Justifying Resources
Non-technical people need non-technical explanations
– Keep it simple
– Use cost-benefit for budget
– Use relative-risk for reallocating people
Quantified risk is easier to understand
– E.g., Cenzic’s HARM™ scores
Bonus: Watch “Top 10 Ways To Win Budget for Application Security”
https://info.cenzic.com/webinar-security-budget.html
Making the Case Simply…
Hackers use hidden Application commands to steal data and damage web sites.
Gartner Group says 75% of attacks now target the Web Application Layer
Scanning tools and App Security experts help efficiently find and patch these vulnerabilities.
Detects Web & Mobile App Vulnerabilities
Easy-to-use Software, DIY Cloud, or Managed Service
Accurate behavior-based Scanning protects
– 500,000+ online applications
– $Trillion+ of commerce
Delivers best continuous real-world Risk Management
Tools
Cenzic Enterprise
– Unified console
– Web-based app-configuring makes it easier/more affordable for people all over your enterprise to contribute
– E.g., Developers can define traversals of their own apps
Application Vulnerability Monitoring In Production
– Identify Risk: vulnerability monitoring of production apps
+ Mitigate Risk: one-click virtual patching via tight integration with leading Web Application Firewalls
Managed Services Offerings – At-a-glance

| Service | Bronze | Silver | Gold | Platinum |
|---|---|---|---|---|
| Intended for | Industry best-practices for brochureware sites | Industry best-practices for forms and login-protected sites | Compliance for sites with user data | Comprehensive scans for mission-critical applications |
| Phishing | X | X | X | X |
| Light input validation | X | X | X | X |
| Data Security | X | X | X | X |
| Session management | | X | X | X |
| OWASP compliance | | | X | X |
| PCI compliance | | | X | X |
| Business logic testing | | | | X |
| Application logic testing | | | | X |
| Manual penetration testing | | | | X |
Compliance in a Hurry
Who?
– A Health Maintenance Organization
Need?
– Deep scan of a new application on a tight development schedule to ensure compliance.
Solution?
– Cenzic PS performed Manual Penetration testing along with the comprehensive vulnerability scanning to provide a very thorough scan which could suffice for any compliance or audit need.
Rapid OnBoarding of New Apps
Who?
– A Fortune-100 Banking and Services company
Need?
– Quickly begin scanning 110 applications
Solution?
– Cenzic PS did Custom Onboarding Engagement, training each app traversal so that the Bank’s IT Security Analysts could then run scans themselves using Cenzic Enterprise software.
Result?
– Met their timeline needs, and kept the scanning results in-house, per their corporate policy.
Methodology Assessment With Developers
Who?
– Global NGO with thousands of web sites
Need?
– Methodology Assessment of their security posture, and real-world training of their Developers
Solution?
– Cenzic PS did a 3-day engagement with their App Developers.
– Reviewed the 10 most common vulnerabilities and found examples in their production apps.
– Cenzic PS demonstrated on a live demo site how a hacker could exploit those specific types of vulnerabilities.
– Reviewed coding best practices to completely eliminate said vulnerabilities.
Vulnerability Scanning a Mobile App
Who?
– High technology company with a mobile application that accessed sensitive customer data
Need?
– Vulnerability scan a mobile app that cannot be traversed with a traditional web spider.
Solution?
– Cenzic Mobile Scan service performed a dynamic analysis by placing a proxy in line with the mobile app, which allowed technicians to replay various attacks, and coupled it with a thorough forensic analysis of the application on the device to identify vulnerabilities that exposed customer data.
Fitting Strategy to Your Need
1. Hire
2. Prioritize
3. Specialize
4. Automate
5. Train
6. Borrow
7. Rent
8. Quality/Quantity
Cenzic Can Help
Train your people
Give them better gear
Have someone else carry the baton
www.cenzic.com | 1-866-4-CENZIC (1-866-423-6942)
Questions?
[email protected] or 1-866-4-CENZIC
Blog: https://blog.cenzic.com