I see this in many of the technology enterprises we meet. It comes up from CISO as an issue any time discussing our solution (ReSec) and from most of our friends and partners promoting other cyber solution. The lack of skilled IT staff.
There are not enough skilled IT security professionals. Not in the US, not in the UK and nowhere else in the world. CISCO (Cisco 2015 Annual Security Report, Cisco, Jan. 20, 2015) estimates that today about a million IT Security professional are missing, and that 4.5 million positions will be vacant in 10 years. The shortage becomes even more acute if you consider specific roles which require years of training and hands- on experience, like reverse engineering, cyber intelligence and of course CISOs.
While creating new training scheme is certainly a necessity, it will by no means be sufficient to fill this gap. Training an IT security professional is a long, expensive process and in many parts of the world the role is not perceived as “sexy” enough to drive millennials to it. It is also on the other hand a highly demanding role that requires constant learning as the enterprise environment is ever changing and as the challenges and risks continue to grow. A Rare exception of this is the state of Israel, where cybersecurity jobs are highly coveted and fresh graduates of the military cyber and information security units are snatched to work for cybersecurity startups and large corporations. Put few places can rival or even match Israel’s training capabilities and the extensive hand-on experienced given to cyber troops during their service. And even in Israel the shortage is felt.
Even a cyber superpower like the US if finding it very tricky to meet the cyber demand- in a recent panel discussion, a CISO of a large corporate estimated it takes him 6 month to fill an open cybersecurity position, and many positions are left open due to lack of quality manpower. So if training enough people is not the answer to bridge this gap, what could be?
The common answer is technology.
Technology can do what no man can – it can scale up and automatically handle multiple incidents and alerts.
But not just any technology- especially not one that creates need for more manpower to handle it. Automated, conclusive technology that interfaces to existing systems and facilitates workflows. Content filtering and processing systems, SIEM automation platforms, and machine-learning AI solutions will all mature in the near future to help reduce the workload and allow fewer analysts and cyber specialist to handle even larger volumes of malware and other threats targeting the enterprises.
When considering the procurement of a new cybersecurity system or technology, CISO must take into consideration the following points:
- Is the product quick to install and requires little configuration, update and maintenance?
- What is the expected false positive rate?
- How long is the training process and what are the pre-requisites from the users? Does the system require a new skill set?
- Does the system work mainly in automatic, semi-automatic or mainly analyst-approval mode?
- Does the system integrate with other products and can be part of a larger automated process running throughout the enterprise?
- Does the system allow for effective real central management of it’s performance as well as general updates and maintenance?
- Is the product easy to update/ updates automatically to counter new threats?
All these questions should be looked into before making a buying decision.
Remember- having a shiny new toy and no-one to operate it will do little to increase your organization’s security…