Closing the skills gap in cybersecurity requires both technology and human involvement
That the security industry is cripplingly understaffed is not a new revelation. Since 2015, the number of organizations reporting a “problematic shortage” has increased year over year, with 53% of organizations reporting this gap in 2018-2019. This is a pervasive, global problem and one that shows no signs of slowing as the cybersecurity sector grows and plays an ever more important role in day-to-day business functions. What does represent a new revelation is that in many cases, the answer to this skills shortage is already on the payroll.
As it stands, the IT function in most organizations is still split into network and security teams, which form two distinct groups, often isolated from one another. The security side of the house remains chronically understaffed, while it is significantly easier to fill network support roles. What’s more, those working on the networking team already have much of the foundational knowledge needed to switch to the security team. They understand networking protocols and normal user and application behavior, and they have tremendous experience investigating and resolving problems. The networking team within an enterprise already has very specific, intimate knowledge of that enterprise’s network. They understand where things are and how things are connected, putting them in the perfect position to transfer to the security team and help alleviate the skills gap.
Many network professionals not only want to learn more about security, but they also know that gaining security skills is an opportunity for their career growth. When organizations embrace this concept, they reveal a career development path for existing employees, reduce security risk with cross-trained employees and solve the problem of having to go into the highly competitive jobs market.
A Cultural Shift
Half the battle in facilitating a system of transferable staff and team members is addressing the prevalent corporate culture and organizational structure that drives a wedge between these teams.
Security and network teams often are working toward the same goal, using different parts of the same data sets, without even knowing it. This is due to the current setup of security and network teams and the vendor-driven, alert-heavy culture that funnels so many network and security teams into different parts of the organization.
Picture the scene: A security analyst has been assigned a trouble ticket relating to a compromised IoT device. This ticket could be based on an alarm generated by a security product, or it could be the result of another team’s investigative work. The trouble ticket provides the security analyst with a narrow view of why this alert was generated, forcing them to do their own digging and research to understand its context.
This is the same for a DDoS attack, a data exfiltration incident and countless other security issues. When team members are trained in both the intricacies of the network and the security landscape, their investigation process, data gathering and root cause analysis efforts become vastly more efficient. The result is lower risk and higher operational efficiency at a lower cost to the organization.
To make this a reality, however, it’s not just enterprises that must adjust. There also must be a shift in product development from the vendor side. Vendors need to develop broader platforms that deliver value across both the network and security teams, rather than focusing on narrower solutions that address one problem. Although this shift won’t happen overnight, there is growing momentum across vendors and enterprise organizations.
The Rise of the Machines
AI and machine learning (ML) are still the most hyped solutions to the skills gap. It’s undoubtedly true that smart technology has—and will continue to have—a profound impact on the way organizations complete some (but not all) security-related tasks. AI/ML will deliver value in mining massive volumes of data and identifying deviations and anomalies in user and network patterns. AI/ML also will deliver value around data enrichment, event correlation and the reduction of false positives and alerts that security teams receive.
As AI/ML technology continues to mature, it will help mine massive volumes of data to identify threats. But these technologies never will eliminate the need for human interpretation and decision-making. The context needed to understand and remediate security incidents always will require a human touch. AI/ML alone is not the answer to the skills gap. Cross-training and career growth for network professionals is a critically important step that every organization should consider and begin to implement.
Bridging the Gap
The skills gap is a problem that needs fixing. As the world becomes ever more connected, the need for security professionals will continue to rise exponentially. But this is not a problem companies can conveniently farm out to technology or vendors alone. Everyone within this ecosystem has a role to play, which includes the people who are responsible for developing security products, those who hire security and network staff and those responsible for allocating budgets. This is an industrywide shift that will take time and collaborative effort to achieve. However, when done correctly, it could provide an efficient and cost-effective solution to one of the biggest problems our industry faces.
— Bob Noel