Staffing & Professional Services Firms’ Growing Role in Cybersecurity

Balancing Talent Acquisition with Risk Management


According to the ISC² 2024 Cybersecurity Workforce Study, the global cybersecurity workforce reached 5.5 million in 2024, but demand still outpaces supply by about 4.8 million roles, a 19 percent increase in the shortage year over year.

The cybersecurity talent shortage has become a defining risk for organizations worldwide. As a result, an increasing number of IT departments rely heavily on staffing and professional services providers like Brooksource to fill urgent roles and run critical projects. Yet even this use of external support to address cybersecurity talent gaps and bandwidth constraints comes with inherent risks. Consultants often require privileged access to your enterprise, control over sensitive systems, and the ability to shape security posture in ways that can either protect or endanger your organization.

However, as business leaders, we recognize that every decision entails its own unique set of pros and cons, and ultimately, it is our responsibility to understand the available strategies and make the best decision for our organization. When it comes to matters as encompassing and impactful as cybersecurity, it’s always helpful to turn to the experts to ensure you get a holistic view of all available options. This is why we sat down with a trusted advisor of our own, Richard Connor, Brooksource’s Cybersecurity Advisor, to help explore the various risks associated with this talent shortage and highlight how working with the right talent solutions partner can mitigate exposure while enabling access to scarce cyber talent.


The Talent Imperative in Cybersecurity

For over 10 years, Richard Connor has been partnering with CIOs, CISOs, and compliance leaders to build robust security frameworks that protect data, ensure regulatory compliance, and reduce risks. Throughout that time, Richard has had a front-row seat to the growing prioritization of cybersecurity by organizations across all sectors and the resulting surge in demand for talent.

Executives have no other choice but to turn to staff augmentation, professional services engagements, or hybrid models, such as Brooksource’s Elevate program, which allows organizations to “build in-house talent” by converting contractors into full-time positions upon completing their project. However, without trusted staffing partners, these arrangements can add as much risk as they resolve.


Inherent Risks of Cybersecurity Staffing

We’ve previously covered how bad actors are taking advantage of companies that are eager to fill roles quickly, but here are some additional risks of cybersecurity staffing that Richard identified.

1. Privileged Access Risk

A 28% increase in insider-driven data exposure, loss, leak, and theft events was recorded between 2023 and 2024 (StationX, 2025).

Contractors and consultants often hold administrative rights or privileged accounts. Policy writing, penetration testing, or architecture work usually requires deep but temporary access. If not monitored and controlled, these users can become vectors for insider misuse.

2. Capability & Competence Risk

It’s clear that underqualified hires pose significant performance and security risks, particularly when not adequately monitored. However, skilled professionals who lack alignment with internal controls can also pose a risk by unintentionally exposing systems.

3. Compliance Risk

Third-party labor is no longer just an HR issue. It is a supply chain and enterprise risk management issue. Boards are expected to demonstrate oversight of contractor risk as part of frameworks like NIST CSF 2.0, ISO 27001, and SOC 2. Thus, executives cannot ignore staffing risk when it directly affects fiduciary duty, compliance, and reputation.

4. Continuity Risk

Cybersecurity is a knowledge-intensive field. If any resource, contractor, or even full-time employee leaves suddenly, organizations face knowledge loss and project disruption.

5. Reputational Risk

A single incident can damage trust with regulators, customers, and investors alike.

$1.7 Billion: The total cost of Equifax’s 2017 data breach, when one calculates both the direct and indirect costs of the incident, including regulatory fines, class action lawsuits, and damage to the organization’s reputation.

Inaction Can Be Just as Costly

Like all things in business, high demand for a resource or skill set is typically associated with a high price. Given the stiff competition and high price tags, it’s understandable that some organizations are hesitant to invest heavily in this cybersecurity “arms race.” However, inaction can be just as costly.

The IBM Cost of a Data Breach Report 2024 found that organizations with severe security staffing shortages faced average breach costs of $5.74 million compared to $3.98 million for better-staffed peers. This means staffing shortages add an incremental cost of $1.76 million per breach (IBM, 2024).

How the “Right” Talent Solutions Provider Can Mitigate These Risks

The right partner provides more than resumes; they actively reduce exposure. When it comes to cybersecurity, even the most robust strategies still hinge on the knowledge and practices of each individual working within your environment. This is why you need to be selective in your partnerships, as not every organization is the same. Some industries have even adopted the use of third-party organizations like HITRUST to “vet” potential partners. Here’s a quick glimpse into some of the risk mitigation efforts you should be benefiting from when working with a consulting or staffing firm, like Brooksource.

Building a Risk-Informed Staffing Strategy

Given the current landscape of the cybersecurity workforce, the use of or reliance on consulting and professional service providers is unavoidable. But unmanaged staffing is a liability. If you are to take anything away from this piece, let it be the following:

  1. Treat contractors and consultants as part of the supply chain, subject to third-party risk management.
  2. Embed staffing into enterprise risk management processes.
  3. Use technical safeguards such as privileged access monitoring, identity lifecycle management, and regular audits.
  4. Ensure your talent solutions partner shares accountability for risk, not just speed of placement.

Organizations that treat their talent approach as a strategic risk vector can protect themselves while gaining the talent they need. Professional services providers that blend speed with security offer executives a way to balance both imperatives. All that’s left for you to decide is which partner makes the most sense for helping close your talent gap while keeping risk top of mind.


Interested in Learning How Brooksource Can Address Your Cybersecurity or Workforce Challenges?

View a Case Study on Brooksource’s Cybersecurity Workforce Support

Schedule an Introduction Meeting


Meet Our Trusted Cybersecurity Advisor

Richard Connor, President - LockStock Cybersecurity & Analytics | Cybersecurity Advisor - Brooksource

Richard Connor leads cybersecurity and risk strategy for Brooksource, helping organizations engage professional services and contingent staff in ways that protect their data, systems, and reputation. He works with business and technology leaders to design secure engagement models that integrate governance, accountability, and access management throughout the staffing lifecycle.

In partnership with LockStock Cybersecurity & Analytics, Richard brings deep experience in regulated industries where trust, transparency, and compliance define competitive advantage. His approach ensures that professional services operate as a controlled and auditable extension of the client’s enterprise, enabling agility without increasing risk.


This highlights a challenge many teams are quietly facing. The talent gap in cybersecurity isn’t just about hiring delays, it’s about exposure. Moving fast is important, but doing so without a clear strategy can create more problems than it solves. Building a thoughtful approach to staffing that includes trust, training, and long-term alignment is becoming just as critical as the tech itself.
