AWS cloud security

(Source – Shutterstock)

Security dilemma: Hiring an AWS security professional or training your own

When it comes to cloud security, AWS customers are provided with coverage that enables them to improve their ability to meet core security and compliance requirements. This includes data locality, protection and confidentiality that ranges from AWS data centers and a network architected to protect information, identities, applications and devices.

As such, as organizations continue to invest in the cloud, AWS cloud security is no doubt part of the ecosystem. However, there is still one big challenge they face when it comes to managing it. Should organizations look to hire an AWS cybersecurity professional or get security certification for their engineers and architects, and get them to manage their cybersecurity?

Believe it or not, this is the dilemma organizations are facing today especially when it comes to cybersecurity. Businesses continue to invest in technologies and as AWS offers a suite of solutions to suit the various digital needs of an organization, having an AWS cybersecurity professional seems like the best option.

Yet, with skills shortage in tech being a real problem, hiring an AWS cybersecurity professional can be challenging as well. Hence, organizations are now looking to make the most of their existing staff. This includes training their tech engineers, developers, architects and other personnel to understand the various tech solutions the company is using.

The dilemma most companies face would be whether they train employees to specialize in a tech field like cybersecurity for example or wait to hire a new professional to work with their technology. Whichever it may be, Gartner has come up with three factors organizations should look into when hiring or training cybersecurity professionals.

“A dynamic skills strategy uses labor market insights to determine demand, supply and availability of talent. You can direct your recruitment and development efforts more effectively if you know who you’re competing against for specific skills, and where the talent you need already resides,” states Gartner.

Here are three tactics Gartner suggests organizations look to when it comes to developing and acquiring new skills.

Focus on skills potential and not credentials – Gartner believes that role titles and definitions haven’t kept up with the evolution in tasks and responsibilities. In cloud security for example, because the tools are evolving fast, hiring an AWS cybersecurity professional may not guarantee that the person would be able to keep up with the latest trends. The candidate may have prior knowledge in the tech but could still require more training.

On the other hand, an IT engineer within the company working with the technology would have a better understanding of the system and could easily be trained to implement new features in it. As such, businesses should focus on acquiring the critical skills needed to drive competitive advantage and be open to looking beyond traditional sources for talent.

Tap into a talent with adjacent skills – Some employees may be open to picking up new skills. In the case of cybersecurity, employees with related skills can bridge the gap between domains. Identifying these complementary skill sets can help an organization surface non-traditional internal and external candidates.

Source by talent location, not business location – Using AWS Cloud Security and other AWS solutions would mean the capability of managing these solutions from anywhere anytime. An employee need not have to be physically on-premises to manage and have visibility of the system. Be it training current employees or hiring new ones, businesses could look to leverage remote and hybrid work opportunities as a means to reduce the skills gaps.

With that said, hiring an AWS security professional or training an employee within the company should solely depend on the organization’s capabilities of managing the talent. It would be pointless to train an employee internally if it would end up compromising their current role. And it would also not be advisable to hire a cybersecurity professional if the business has not got a framework of how the role would be and the career path for it.

While some may see this as a dilemma, the reality is, the problem can be solved easily if businesses know what they want in the long run.