Navigating Workforce Resilience in Cybersecurity: Insights from CISOs
As Chief Information Security Officers (CISOs) grapple with ongoing skills gaps, the transformative impact of artificial intelligence (AI) on job roles, and escalating stress levels within their teams, building a resilient workforce has surfaced as a priority. Budget constraints, mandates for a return to the office, and an ever-evolving threat landscape compound these challenges, underscoring a critical need for thoughtful workforce management.
Stephen Ford, Vice President and CISO at Rockwell Automation, articulates the dilemma many CISOs encounter: the struggle to find adequately skilled personnel capable of bolstering a robust cybersecurity framework. Ford emphasizes the significance of workforce sustainability in this context, stating, “Workforce sustainability is an important consideration.” Addressing workforce resilience requires data-driven strategies, a balanced approach to skill management, and a commitment to employee well-being as integral aspects of risk management.
Approaches to Workforce Planning by CISOs
Given the erratic nature of cybersecurity tasks, Ford emphasizes the importance of closely monitoring team dynamics to gauge workload management. The balance between project work and crisis-driven tasks creates a precarious situation where team members can quickly become overwhelmed. A study conducted by ISC2 in 2025 underscores this concern, revealing that 47% of professionals report feeling inundated by their workload.
Jon France, ISC2 CISO, echoes Ford’s sentiments about workforce sustainability, noting that managing stress, burnout, and workload is a crucial ongoing concern rather than a peripheral issue. He states, “Looking after the team and leveraging the team without killing them is on our agenda too.”
Ford has implemented several strategies to recruit and retain talent, focusing on fostering engagement and helping employees navigate the daily fluctuations inherent in cybersecurity tasks. He highlights the role of data in assessing workloads, making a compelling case for resource allocation. “The right processes and the ability to measure work aid in calculating the expected workload and determining an acceptable resource level to support that workload,” he explains.
Quantifying workload and justifying resource allocations remains a challenge, and only 55% of respondents in the ISC2 study feel confident that their organizations possess adequate resources to handle security incidents over the coming years.
The Impact of Burnout on Job Satisfaction
Burnout persists as a predominant concern among CISOs and their teams. Unpredictable events can lead to significant workload spikes, amplifying the risk of burnout. Ford states, “It’s something that can overwhelm pretty quickly.”
Survey results indicate a growing consensus on this issue; 48% of ISC2 respondents report feelings of exhaustion from trying to keep abreast of evolving threats and technological advancements. Ford approaches this matter not only as a leadership challenge but also as an operational model issue, ensuring talent is nurtured to prevent overwhelming pressures from leading to attrition.
While eliminating these issues entirely may be unrealistic, Ford leverages data to inform staffing levels, strives to balance workloads, and pays close attention to team culture. He asserts, “We spend time building good teams, and we need to understand the challenges, the workload, and how they feel about the work.”
AI: A Game-Changer, Not a Replacement
AI’s role in redefining job structures is becoming increasingly apparent. Over two-thirds (69%) of respondents are in the process of integrating AI into their operations, according to ISC2. At software vendor Kantata, for instance, the adoption of an AI-augmented workforce model focuses on automating high-volume tasks while introducing AI co-pilots to act as force multipliers for team members. This includes areas like third-party risk management (TPRM) and security assessments, which have historically contributed to operational noise.
Taison Kearney, Kantata’s CISO and Data Protection Officer, points out that by automating initial data processing and alert triaging, teams can concentrate on high-impact incidents rather than being bogged down by repetitive tasks. This not only contributes to workplace efficiency but also supports long-term sustainability by allowing professionals to evolve and adapt their expertise over time.
Jon France notes that while AI will undoubtedly transform entry-level positions, it will not eliminate the need for human involvement. He likens the current wave of change to historical technological advancements in the sector, suggesting that, while the roles may shift, they will not vanish entirely. He highlights efficiency gains from this transition, while Kearney observes that automation shortens the career ladder by handling repetitive tasks, enabling junior employees to tackle complex problems earlier in their careers.
Cultivating Talent Amidst Skill Shortages
Alongside the immediate concerns of workload management, building a competent cybersecurity team remains a formidable challenge. The ISC2 survey found that nearly two-thirds of respondents noted critical skills shortages within their teams, indicating that the issue extends beyond mere staffing.
Ford acknowledges the difficulty in sourcing top-notch talent across various cybersecurity disciplines. His strategy focuses on pairing seasoned experts with less experienced team members to foster sustainable growth. “Pairing them with seasoned experts allows you to build an effective team over time,” he asserts, pointing to the long-term benefits of mentorship.
Moreover, Rockwell Automation collaborates with local universities to cultivate early talent through internships and entry-level programs. Ford believes that engaging students early and fostering their interest in cybersecurity can yield committed employees over time.
In contrast to organizations that rely on external managed service providers to fill skill gaps, Rockwell Automation prioritizes developing internal expertise. Ford maintains that nurturing talent within the organization is crucial, allowing staff to acquire critical institutional knowledge and avoid losing valuable “thought leadership” to external entities.
In summary, the evolving landscape of cybersecurity presents both unique challenges and opportunities for CISOs. The emphasis on workforce resilience, through data-informed strategies and a commitment to team well-being, is paramount in navigating these turbulent times. As the sector integrates advanced technologies, fostering talent and redefining roles will be crucial in ensuring long-term sustainability and success.
