The cybersecurity skills gap is ‘not just about addressing headcount’


12 Aug 2022

Ellen Benaim, Templafy. Image: © Akofilms.com

The SaaS company’s CISO discusses the importance of API integration from a security perspective and how companies can combat the cybersecurity talent shortage.

Ellen Benaim is the chief information security officer at document generation platform Templafy. As CISO, Benaim has developed the company’s security-first approach and oversees company-wide information security and governance programmes to ensure the organisation follows all necessary protocols. In 2021, the Danish start-up raised $60m in funding.

Benaim started her career as technical support at Templafy, and quickly worked her way up to information security officer. She was promoted to CISO in March 2020. She has a bachelor’s degree in business information systems from University College Cork.

“A large part of my role includes long-term risk assessment. We have an overall level of risk we try to achieve within the businesses, and it’s crucial that me and my team ensure that any changes to our stack helps us reach that goal,” she told SiliconRepublic.com.

“Cyberthreats evolve so rapidly that this long-term view is crucial for any modern enterprise. We especially saw this come to life over the past few years with evolving work habits. For that reason, we believe that in today’s world it’s more important than ever before that data and content can be shared safely, wherever employees are working from.”

‘I’m hoping an increase in connected systems will lead to less human-error-related cyberattacks’
– ELLEN BENAIM

What are some of the biggest challenges you’re facing in the current IT landscape?

One of the biggest challenges I see in the current IT landscape is breaking down data silos to enable secure and privacy-conscious information sharing for data-driven decision making.

A lot of times we see this struggle manifest as companies are trying to transform from on-prem to cloud-based systems. For instance, cloud enables organisations to implement controls like managed identity and access solutions at scale which in turn enables the secure sharing of data throughout the entire business. However, the move to cloud is being ever stalled with tougher regulations and added digital geopolitics.

As a cloud-first company we’re able to capitalise on this value but we do see many organisations looking to make the jump to cloud struggle with accomplishing this goal, not only hurting security capabilities but also the organisation’s ability to utilise data-driven decision making.

What are your thoughts on digital transformation?

Digital transformation as a broad trend has created an environment where nearly all company information is a digital record (or content as we like to think about it) and therefore needs to be protected and secured.

This means that instead of simply looking to secure our systems themselves, we also need to look for solutions that enable compliance and security within employees’ daily workflows. And with security and privacy regulations increasing exponentially, this is a close-to-impossible job unless we’re building a tech stack composed of solutions that take this approach.

How can sustainability be addressed from an IT perspective?

Our approach to sustainability goes hand-in-hand with IT as it largely has been driven around efforts to develop more efficient code. This has allowed us to reduce the processing power and resources, and limit energy consumption to run Templafy.

As a business, we constantly review what data is necessary to process to provide our service. This ‘data minimisation’ approach also benefits our customers as many of them also value sustainability and privacy. We work with them closely to only store the most relevant, useful data necessary so that way we can delete old, unnecessary pieces and keep energy usage as streamlined as possible for everyone.

What big tech trends do you believe are changing the world?

Prioritising integrations and connectivity are incredibly exciting to me. From a security perspective, I’m hoping an increase in connected systems will lead to less human-error-related cyberattacks.

This will largely revolve around increasing API accessibility and integration. Not only do better integrations allow for employees to do better, more efficient work, it also enables a more secure infrastructure throughout your entire organisation.

For example, when APIs are accessible throughout the application ecosystem, this allows for systems to be configured through code, helping us introduce streamlined changes to configuration rather than having to go into specific applications.

From a security perspective, this enables us to do advanced things like segregation of duty and activity monitoring at scale. These benefits are a large part of why we prioritise connectivity and API accessibility at Templafy, both in our own tech stack and our platform. We know it not only benefits our own team, but also our customers.

How can we address the security challenges facing the industry?

On top of addressing the digital transformation and API-driven considerations discussed above, another challenge worth addressing is the cybersecurity talent shortage. Especially with a potential economic downturn on the horizon, it’s imperative that industry leaders are considering options for how to not only maintain their team but also build it in an effective way.

I believe this can be addressed in several ways. First, it’s not just about addressing headcount. There are other innovative ways businesses can bridge the gap. It’s important to look at how we can use APIs, machine learning and AI to combat this ongoing challenge. Improving and streamlining with these technologies can reduce the demand on already overstretched internal teams.

Businesses can also look to appoint security champions on other teams that can discover code at risk to lessen the load on security teams. Another way to reduce workload is ensuring that any product purchased has security baked in from the start. Companies should have a strict checklist of security requirements like single sign-on and multifactor authentication that need to be included in any potential product, which reduces overhead on security teams.

Finally, don’t be afraid to hire entry-level staff to ensure that higher-level staff can focus on specialised priority tasks. Unfortunately, the talent shortage means these senior workers are harder to come by, so building a pipeline of entry-level talent that can be promoted from within is an effective future-proofing strategy.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.