Introduction. This week’s first post focuses on another aspect of human resource management in IT, this time more specifically related to security architecture. In their 2019 report “Focus on Competencies to Establish Security and Risk Expertise in a Digital World”, Olyaei and Reed from Gartner examine the current challenges the IT industry is having finding qualified security architecture professionals. These concepts and challenges can be broadened to other functional areas within the IT industry and indeed to industries beyond IT.
Gartner Finding #1. The shortage of trained IT/security architecture professionals is related to a problem with supply.
“Most [security architecture] job descriptions demand specific skill sets that may not be required to perform a role, resulting in the perception of a skills shortage.”
In this report, Olyaei and Reed liken the search for the perfect IT technician to NASA trying to find already-trained moonwalkers in the 1960s. In other words, they just don’t exist. The IT and security landscape is changing too quickly and there simply isn’t a social-education mechanism (namely, higher education or technical institutes) producing enough of these type of trained professionals into the workforce to meet demand.
This is only my perception, but I would wager that most business leaders today see a shortage of workers with IT skills; demand is higher than supply. Nearly half of the companies surveyed by Gartner in this article agree (47%), saying “We don’t find the right skills or competencies”. 30% said they had difficulty finding candidates with certifications, which is closely linked but differs slightly based on the idea that certifications have more formal requirements than ‘skills or competancies’.
The reasons for this shortage are numerous and complex. It begins with education and training institutes, which simply don’t churn out enough candidates (for a variety of reasons – best examined in other articles) with relevant, practical skills to make an instant impact in the still-rapidly-expanding IT industry. The pace of change in IT and security architecture is another factor. If we compare the skillset of a programmer today with 30 years ago, and again do this but with a different skillset – such as an electrical or mechanical engineer from 30 years ago and today – the difference is greater for programmers. Computer science has evolved more rapidly and changed more dramatically than most other sciences and engineering disciplines in the past century, and formalized training solutions have struggled to keep up. Another important factor is listed below.
Gartner Finding #2. The shortage of trained IT/security architecture personnel is related to a problem with demand.
“...approximately 80% of Gartner clients are reactive to staffing requirements, evident by the absence of a formalized staffing framework. Hiring trends are reactive to the industry, regulations or incidents occurring in the enterprise. By the time this need is captured, it is already too late…as a result, most leaders will indicate that their teams are not prepared to meet the challenges of digital business, mainly because most of these skills do not exist in today’s labor market.”
While that quote on the surface may seem like a re-statement of the original ‘supply’ problem we listed in #1, it’s not. In this case, we must focus on the critical point: “the absence of a formalized staffing network”. The Gartner team did a good of highlighting some of the most significant problems enterprises face in the area of human resource management for technical fields: enterprises without a strategy and operations capability for HR become reactive, constantly “fighting from the back foot”, and remain a step behind their more strategic-thinking competitors.
Lack of a well-planned and executed human resource management program is a vulnerability linked not only to the IT industry. Many enterprises have a human resource management program and believe they are doing the right things, but are in fact not. This is because most HR programs are relegated to administrative and very basic training/onboarding tasks, and most don’t get involved in highly technical training, screening, tracking of employee metrics, or understanding the IT or other technical fields they support.
Analogy – Workforce Engineering. To highlight the weakness of most modern HR management, I always draw an analogy to engineering. For manufacturing, we have mechanical and electrical engineers (and, at a higher level, physicists and chemists). For aerospace design, we have PhDs of aerospace engineering, and car design has a similar enabling education pipeline. These highly trained experts can be found commonly throughout manufacturing and pharmaceutical company campuses. But rarely do we see PhDs working in HR management at the operational level, and we don’t have a real operational concept like “workforce engineering” in most companies. Those few enterprises employing industrial/organizational psychologists or similar professionals to design and manage workforce programs are the industry vanguards.
Recommendations. The Gartner team recommends several fixes to assist in moving in the right direction with IT talent management (and more broadly HR management): “assess the current workforce, and identify four to six competencies that will be critical to the organization’s success in digital business.” Of course, these items are a great start. I would recommend further to make a more concerted effort of HR strategies, using trained experts like I/O psychologists to design workforce maximization programs. I would re-focus management on operations and the business, and bring in trained HR professions to conduct work assessments, identify critical skills, implement selection and training programs, and maximize retention by implementing workplace-satisfaction strategies.
Source. “Focus on Competencies to Establish Security and Risk Expertise in a Digital World”, Gartner, Refreshed 8 July 2022, Published 11 October 2019.