tl;dr: Cybersecurity resilience hinges not just on technology but on people. Dell experts emphasize building multidisciplined teams, investing in continuous learning, and leveraging trusted partners to help with talent shortages, prevent burnout and ensure effective incident response.
During our annual Dell Technologies World conference, I had a conversation with a customer who recently navigated a significant ransomware attack. When I asked for their single biggest takeaway, the answer wasn’t about technology. It was about people.
The experience highlighted the immense pressure and stress that incident response places on a team and how critical it is to manage the human element. This conversation inspired a deeper look into a crucial aspect of security: how do we build and support teams that can withstand not just day-to-day pressures, but the intense stress of a major cyber event?
To help unpack this complex issue, I sat down with two of our leading security experts at Dell: Jason Rosselot, VP of cybersecurity, and Vijay Krishnamoorthy, a global director of cybersecurity services. We discussed the cybersecurity talent shortage, the importance of professional development and the strategic role partners can play in creating a resilient, effective and supported security organization.
The following has been edited for length and readability.
Jason, you’ve done a lot of work on the talent shortage and building strong security teams. What’s your advice to an organization looking to build a resilient team that can withstand both daily security pressures and a major event?
Rosselot: It’s a great question. We’ve talked for years about a cybersecurity skills gap, but I think organizations need to open their aperture. A robust security team doesn’t mean finding that one “unicorn” team member. It means being open to individuals from different career and education journeys who have transferable skills. At Dell, we partner with non-profits and academic institutions to reach individuals who may not have considered a career in cybersecurity and help them understand they can thrive in this exciting field. By widening the net, we can find great talent where others aren’t looking.
It sounds like you’re casting a much wider net. Can you talk about professional development and the importance of retention once you bring people in?
Rosselot: Absolutely. Company culture, compensation and benefits are standard, but in cybersecurity, providing opportunities for continuous learning and growth are just as critical. With the threat landscape continuously evolving, especially with the rise of AI, we need to help our teams evolve too. A key part of retention that sometimes gets missed is a structured learning and development program. It’s not just about hiring someone with the right credentials; it’s about nurturing a culture of continuous learning. By helping team members build on their existing strengths and expand their capabilities, we are better prepared for the threats happening now, and what’s coming next.
From an overall talent portfolio perspective, what is the role that third parties can play in supporting in house teams?
Rosselot: Having a solid partner ecosystem is a best practice we follow here at Dell. You don’t want to be looking for a resource when you need it the most. For example, we may not need to perform mobile device forensics regularly, so we have a trusted partner who is an expert in that area. Another key area is incident response. The workload is variable, and having a partner on retainer helps prevent team burnout. It also builds trust with your customers when you can say that both our internal experts and a trusted third party have reviewed and responded to an incident.
That’s a great segue for you, Vijay. When you’re looking at how to best support an organization going through a cyberattack, what types of issues are you looking to mitigate?
Krishnamoorthy: When customers are affected by a cyber event, they primarily need help in two areas: forensics and business restoration. Forensics is about understanding the “who, what, when, where and how” of the compromise. Business restoration is about getting them back up and running, because every hour of downtime can mean millions in lost revenue. Any workload can be compromised, so restoring operations quickly is critical, while forensics is key to regaining credibility with customers and partners.
Have you seen team fatigue have a material impact on a client’s ability to recover?
Krishnamoorthy: Very much so. This is a critical aspect. When a business is down and executives are breathing down your neck, your team is pulling a 24/7 operation. We had a customer in Spain where a team member worked for 48 hours straight and had to be taken to the hospital. When organizations run tabletop exercises, they often don’t mimic the sheer level of human endurance required. This is where a services partner can come in and help alleviate that burnout.
If I’m a CISO looking at incident response resource planning, does it make sense to try to build the entirety of a team in house, or is it more cost-effective to keep that overflow valve through a third-party vendor?
Krishnamoorthy: You should have a core set of team members to begin recovering mission-critical workloads: think identity and access management, core business applications, and communication/collaboration tools. But when you’re pulling a non-stop 24/7 incident response operation to bring back those critical components, your personnel needs will significantly increase. This is where leaders need to strike a balance between having enough firefighters in-house versus relying on partners for scale and for niche skills you may not need on staff all the time.
As we conclude, I’d like to give each of you the opportunity to share one key takeaway for organizations thinking about human resource planning. Jason, I’ll start with you.
Rosselot: I would say organizations should think in two dynamics: skill sets and surge workload. There are skill sets you may not need day-to-day, and those are perfect to lean on a partner for. Then there’s the surge capacity needed during a major incident to prevent your team from burning out. You can often find a trusted partner that provides both the unique skills and the ability to scale when you have an urgent security need.
Vijay, your final thoughts?
Krishnamoorthy: Prevention is better than cure. Have a layered defense strategy, robust end-user education and a reliable staff that knows your incident response plan inside and out. And test that plan against complicated scenarios, because every real-world attack is a complicated scenario. Having the right people on staff and the right partners on standby is key. If you’re looking for those skills after an attack has started, you’re going to lose valuable time. Preparation is everything.
Explore more cybersecurity and resilience insights and resources at https://www.dell.com/en-us/lp/dt/cyber-awareness-month.
