Implementing a holistic security management program to address the full spectrum of required controls is challenging. Finding individuals with a broad range of skills and experience needed to design, implement, and operate in this complex environment is nearly impossible for most organizations. Other organizations, who can find talent, struggle to justify the higher pay rates demanded by today’s cybersecurity workforce. For this reason, healthcare providers need to explore new strategies on how they can meet the challenge of building and retaining an essential full-time workforce, while still providing for a surge capability to respond to new implementations, monitoring threats, and responding to incidents. This session will review proven strategies to address these issues, from building specialized security/compliance job descriptions, actionable career ladders that address employees’ retention concerns, and staffing alternatives for scarce skills to supplement the workforce when needed.
Create an adaptive enterprise-wide security organizational structure to address the existing security staffing crisis
Justify creation of a security career ladder, with minimum experience and skills for each step, that will directly reduce healthcare’s ongoing security talent shortage while meeting all regulatory requirements
Design at least two management strategies to increase recruitment and retention rates for critical security positions