The cybersecurity talent shortage is only going to get worse until there is a massive effort to train millions of new cybersecurity professionals.
In the meantime, Optiv Security and Momentum Cyber have published a white paper that discusses the five key trends and technologies that could dramatically reduce the impact of the skills shortage by creating much greater efficiency in enterprise security programs.
The talent shortage is projected to hit 1.8 million jobs by 2022.
Optiv Security’s Todd Weber
Todd Weber, Optiv’s vice president of partner research and strategy, tells us that until “we start thinking of different ways to train people on a mass scale for cybersecurity, I don’t see that changing.”
“… How do we do things in elementary schools, to where we’re not trying to train up 1 million people, we’re training up 10 million people?” he said. “Get them exposed to cybersecurity at a very early age and then build that as part of the educational system.”
Worsening the problem is the increasing number of new security tools along with the proliferation of new cybersecurity companies, he said.
Optiv and Momentum identified the following trends and technologies to tackle the problem:
- Machine learning: By strategically implementing machine learning to areas where it will save time and improve effectiveness, enterprises can eliminate wasteful triage processes that rely on analysts sifting through piles of data and alerts to find actual threats. Machine learning also provides organizations with intelligence to streamline workload and workflow processes.
- Platform consolidation: Several security vendors have been building out security platforms through technology acquisition and new feature development. These integrated platforms provide interconnected functionality that allows consolidated management more efficient than managing disparate point tools.
- Security integration: By integrating tools, organizations can dramatically speed up detection and response. For example, if an endpoint tool detects an infected laptop, it can trigger changes to firewalls to block the malware from communicating with its command-and-control host. However, while most tools have APIs for integration, they often are limited, so security pros should factor API quality into their buying decisions when procuring security tools.
- Automation and orchestration: Security automation and orchestration accelerate the movement of data between tools for the purposes of threat prioritization, response amplification, labor reduction and consistent workflow.
- Continuous security validation: Once these integration, consolidation and automation strategies are in place, enterprises must have systems to test that their security controls are properly configured over the course of time, even as network changes are made. Continuous security validation tools automate and speed the process of identifying misconfigured security tools and network devices.
“One or two of these five can make a large impact, it kind of depends on people’s maturity model and how much they’re willing to invest into those efficiencies,” Weber said. “Some of them are hard to avoid these days. Name a tool you can buy that doesn’t say machine learning or artificial intelligence (AI) on it somewhere? But that’s not really the question. What people should be asking is …
Pages: 1 2 3 Next