Executive viewpoint

At a time when the global oil and gas industry is engaged in robust E&P, technology continues to play a major role in companies’ operations. However, the very technology that drives our industry’s success is being stymied, not from a technical, innovative perspective, but by a large, and growing, personnel problem. The effects from this HR roadblock don’t just impact daily operations. They also hamper companies’ abilities to address cybersecurity issues worldwide.

By generally accepted estimates, more than 300,000 technical, engineering and IT-related jobs in the U.S. industry, alone, are unfilled. The causes are three-fold. The primary reason is that the nation’s universities are not producing enough technical graduates. Second is the personnel shortfall in meeting rapidly increasing future demand. Third is the looming crisis of retiring expertise, dovetailing with a shortage of experienced, mid-range professionals who can advance on the career ladder.

Additionally, amid all the talk of expanding H-1B visa personnel, fear mongers only make the situation worse. In the U.S., for example, having the job market overrun by foreign workers, laboring at a fraction of typical salaries, is not a realistic scenario. On the contrary, the industry can find wage-appropriate work for virtually everyone who is looking for a skilled position—even if the labor pool were increased, to close the existing, or perceived, gap. Anecdotally, one premier engineering educational institution recently said that it receives 15 offers for each graduate in its computer science program.

However, this may beg the question of how cybersecurity ties in with recruiting skilled people on the E&P operational side, when electronic security is widely perceived as being an IT issue. Actually it’s all interrelated. Keeping a company’s business running requires back office people with a diverse knowledge base: from knowing how to keep networks functioning to hooking up communications systems.

So, when companies are involved in process automation, SCADA and improved data flow (“oilfield of the future”), for instance, management invariably finds itself lacking certain resources. When more and more governmental requirements force companies to cope with reporting issues, such as affordable care (in the U.S.) and, increasingly, cybersecurity—on top of everything else—the companies are often caught flat-footed.

That’s because cybersecurity is essentially data security, integrity and assurance. These issues are not necessarily classed as IT, but, nevertheless, they are run by the same people. And, as a result, an intriguing collision of interests has developed. The industry has a pool of people who need to know about IT, but who also need to know about, and understand, the nitty gritty of the industry. Right in the middle enters the new “800-lb gorilla” of cybersecurity.

What’s the solution? It all comes full circle to HR, once again. Many of the problems that companies experience can be solved by cloud computing, but these issues have been held in check, due to a personnel shortage. Meanwhile, during the industry’s boom times, all signs point to the new reality that educated, skilled and talented people can be attracted to jobs within oil and gas. That goes for both sides of the HR equation: operations and IT, the latter delivering the Cloud solution to cybersecurity for companies of all sizes.

Beyond not producing and attracting enough new graduates, the outsourcing paradox is the worst enemy of many companies. Companies, which have outsourced virtually every function that appears viable, have stopped short of bringing in outside cybersecurity expertise.

Yet, real-world experience shows that the more assistance that CEOs and management get from one or more vendors, the more likely they will be to find the key to leveraging their HR problems and, in turn, solving the cybersecurity issue. Additionally, companies should call an abrupt halt to keeping all of their data behind their own brick and mortar. They should follow the example of industry leaders and utilize secure data centers.

Meanwhile, among every issue that can be brought front and center, citing a company’s small size is potentially the most deadly way to get lulled into a false sense of security. Hearing the comment, “We’re small fish; they [hackers] wouldn’t bother with us. With some rudimentary cyber defenses, we’ll be okay,” should make an executive cringe because it’s spectacularly unwise on both counts.

Firstly, enough companies have now been hacked that companies should clearly realize that having a cybersecurity plan is necessary.  Companies must be able to react. They must know, specifically, how they will respond to their data and IT systems coming under attack. And secondly, companies without a plan run the risk of having shareholders rebel, perceiving that executives are shirking fiduciary responsibility, if they fail to protect their investments.

In conclusion, companies cannot afford to view cybersecurity as either a technical or organizational issue. Instead, it is, fundamentally, a personnel issue. In wading through the labyrinth of operations, regulations and different types of cyber attacks, it is evident that there is no single technical solution. Rather, cybersecurity must be developed by capable people on both the IT and operational sides of the business.

As an astute industry insider commented, “It’s just a fact—cybersecurity’s not the technology issue that so many executives think it is. It’s a people issue, and we have to leverage our resources to deal with it. Otherwise, the industry will be so far behind the proverbial eight-ball that it’s hard to see if we’ll ever recover.”