Over the past few years, we have been reminded of the demand for cybersecurity talent and the shallow talent pool. As attacks against organizations continue to rise and threats become more sophisticated organizations will have to take different approaches to strengthen and maintain their cybersecurity. Hiring dedicated cybersecurity staff can no longer be the way to thwart adversaries, eliminate risks, and mitigate vulnerabilities. Your IT staff needs to be skilled in multiple facets and disciplines of cybersecurity to ensure they are developing, deploying, and operating IT resources in the most secure manner. It is no longer acceptable that specialized and high-level cybersecurity training and knowledge be possessed by dedicated cybersecurity personnel. Cybersecurity skills and knowledge should be expected of all IT staff. For example, if you are a server administrator you should be well versed in the hardening of server operating systems, applicable methodologies, best practices, and etc. Those who have superior skills in cybersecurity should support governance activities to ensure and validate cybersecurity rather than being asked to inject themselves into projects and initiatives that too often have little cybersecurity in mind from their onset. We need to stop treating cybersecurity as a niche and see as an additional skill needed in IT functions, only then we will address the skill deficit and ensure cybersecurity is appropriately embedded in all IT initiatives.