Keith Turpin, CISO of The Friedkin Group, and Juan Gomez-Sanchez, VP or cyber resilience at McLane Company, share advice for CISOs on how to rethink their security programs amid the ongoing talent squeeze.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

CISOs face a deepening cybersecurity talent shortage, with 95% of practitioners reporting skills gaps at their organizations. Keith Turpin (The Friedkin Group) and Juan Gomez-Sanchez (McLane Company) share strategies for addressing this: transitioning IT professionals into security roles (a process taking roughly two years), treating talent gaps as a first-class security risk tracked as a KPI, and making architecture and tooling decisions that account for staffing constraints. AI compounds the problem by enabling attackers at greater scale while also offering some defensive automation, but agentic AI capabilities for security remain immature. CISOs are rethinking hiring, training, insourcing vs. outsourcing, and platform consolidation as structural responses to the persistent talent squeeze.

CISOs step up to the security workforce challenge