Unfilled jobs are the biggest threat to cybersecurity

Automation, a deeper talent pool and more women can help close infosec gap

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

When asked, “what is the biggest threat to inter­net secu­ri­ty?” the major­i­ty of quick-fire answers can like­ly be rep­re­sent­ed by the flags of a hand­ful of nation states.

Ed note_Vectra_Gunter OllmannYet exam­in­ing the nature of the indus­try, it can eas­i­ly be argued that the biggest risk inter­net secu­ri­ty faces is the gen­er­al inabil­i­ty to respond to and counter attacks launched by adversaries.

Today, it is esti­mat­ed that there are more than 1 mil­lion infos­ec posi­tions unfilled. This num­ber is expect­ed to grow to more than 1.5 mil­lion by 2019, with more than 200,000 of those unfilled vacan­cies in the Unit­ed States. This glob­al short­age of exper­tise lies at the heart of the infos­ec world’s abil­i­ty to respond to attacks and has con­sid­er­able effect on ven­dors and con­sumers alike.

With such a gap in unfilled infos­ec posi­tions, the indus­try must pur­sue new strate­gies to over­come the short­age in human cap­i­tal and set the indus­try on a long-term suc­cess path.

Relat­ed: 3 steps to fix cyber­se­cu­ri­ty tal­ent shortfall

I believe there are three core pieces to solv­ing this problem.


The first strat­e­gy lies with automa­tion. Many secu­ri­ty ven­dors have begun to implant new arti­fi­cial intel­li­gence and machine learn­ing tech­nolo­gies into their prod­uct port­fo­lios to improve the spec­trum of threats their prod­ucts can detect.

How­ev­er, cus­tomers con­tin­ue to strug­gle to hire the staff need­ed to mon­i­tor and respond to alerts gen­er­at­ed by these prod­ucts. With that, the impact of increased detec­tion effi­ca­cy has yet to be realized.

Secu­ri­ty ven­dors need to shift some focus from reduc­ing the num­ber of hands and eyes need­ed to oper­ate these detec­tion sys­tems and, instead, auto­mate as much of the data col­lec­tion, threat val­i­da­tion, false pos­i­tive triag­ing, response tick­et­ing, and oper­a­tional task assign­ments as possible—effectively doing away with some of the least skilled roles with­in infosec.

 New talent

 The sec­ond strat­e­gy is to close the skill gap between fresh­ly mint­ed infos­ec grad­u­ates and the busi­ness­es that need them.

With­in aca­d­e­m­ic insti­tutes, the pre­ferred method of solv­ing prob­lems and pass­ing exams is to oper­ate as a solo con­trib­u­tor. How­ev­er, when oper­at­ing with­in a busi­ness, you’re always part of a group.

The social and oper­a­tional skills need­ed to nav­i­gate and be suc­cess­ful in work­ing in such groups is rarely encour­aged dur­ing degree cours­es, which fur­ther inhibits new grad­u­ates from being successful.

The insti­tutes pro­duc­ing the next gen­er­a­tion of infos­ec pro­fes­sion­als need to acknowl­edge these siz­able gaps and alter their course instruc­tion to accom­mo­date col­lab­o­ra­tive devel­op­ment and lega­cy sup­port techniques.

Women in infosec

 The third major strat­e­gy nec­es­sary to close the resource gap applies to encour­ag­ing more women to join the infos­ec community.

Today it is esti­mat­ed that only 11 per­cent of the infos­ec work force is female. This is both a ter­ri­ble indict­ment on the indus­try and a huge oppor­tu­ni­ty to close the resource gap. While 11 per­cent is poor, in the most tech­ni­cal areas of infos­ec, the per­cent­age is most assured­ly lower.

In recent years, there has been increased out­reach to women to join the infos­ec com­mu­ni­ty and work force. How­ev­er, there has been lit­tle notice­able increase; the per­cent­age of woman in STEM has been increas­ing, but the flow into infos­ec has yet to happen.

 When look­ing at the time­line for act­ing upon these three core strate­gies, I believe that automa­tion offers the short­est path. Adjust­ing the edu­ca­tion pro­grams and pro­duc­ing grad­u­ates that can be more read­i­ly absorbed and made pro­duc­tive with­in busi­ness will take a lit­tle more time.

And of the three strate­gies, encour­ag­ing more women to join the fold is the least clear and requires more ideas on how this can be accomplished.

Not only can clos­ing the recruit­ment gap be done, it must be done.

More sto­ries relat­ed to cyber­se­cu­ri­ty jobs:
Schol­ar­ships aimed at clos­ing cyber­se­cu­ri­ty tal­ent gap
Brown Uni­ver­si­ty launch­es mile­stone exec­u­tive cyber­se­cu­ri­ty program
Cyber­se­cu­ri­ty jobs go unfilled as breach­es boom