Implementing a holistic security management program to address the full spectrum of required controls is challenging. Finding individuals with a broad range of skills and experience needed to design, implement, and operate in this complex environment is nearly impossible for most organizations. Other organizations, who can find talent, struggle to justify the higher pay rates demanded by today’s cybersecurity workforce. For this reason, healthcare providers need to explore new strategies on how they can meet the challenge of building and retaining an essential full-time workforce, while still providing for a surge capability to respond to new implementations, monitoring threats, and responding to incidents. This session will review proven strategies to address these issues, from building specialized security/compliance job descriptions, actionable career ladders that address employees’ retention concerns, and staffing alternatives for scarce skills to supplement the workforce when needed.