How to Survive the Cybersecurity Talent Gap

With not enough “watchdogs” available to secure IT resources, employers are becoming more innovative, both in recruiting and in using automated solutions.

The “talent gap” in cybersecurity – the difference between the demand for cybersecurity professionals, and the available supply – shows signs of becoming a chasm. The worldwide shortfall of such professionals will grow to more than 1.8 million workers by 2022, according to a new report from the Center for Cyber Safety and Education. The deficit is already causing a “significant impact” on security effectiveness, according to 46 percent of responding companies.

The pain is also being felt by those responsible for hiring cybersecurity professionals. In a separate new study from ISACA, respondents indicated that 55 percent of all cybersecurity positions take three to six months to fill with a qualified candidate. Perhaps more alarming, the ISACA members reported that of those who do apply, fewer than 25 percent are actually qualified for the posted job.

Meanwhile, the scope of the challenge facing today’s IT security professionals continues to grow rapidly. In just the first two months of 2017, the Identity Theft Resource Center has documented some 240 new data breaches in the U.S., resulting in the exposure of more than 1.1 million personal records.

With threats mounting while the supply of IT guardians lags, what can any organization do to keep its systems and data secure – today and in the near future? Fortunately, there are strategies available to address both the immediate under-supply and the near-term deficit.

Filling the pipeline for tomorrow

To fill the pipeline with the skilled cybersecurity workers who will be needed in several years, employers (both general-business and security vendors) are implementing a wide range of talent-management programs. In many cases, they work closely with government agencies, colleges and universities, Managed Service Providers (MSPs), and industry associations. These programs include:

  • Investing in network security conferences, meetups, hackathons, and boot camps.
  • Providing local colleges or universities with current IT security technology and/or curriculum.
  • Developing some of their existing pool of IT generalists into cybersecurity specialists.
  • Defining a clear progression of cybersecurity qualification (e.g. apprentices, journeymen, and masters of information security), with corresponding certifications.
  • Focusing on the needs of millennial professionals, specifically how they prefer to learn and work. (Only 12 percent of current cybersecurity workers are under age 35, according to the CCSE report.)

Freeing up the security analyst today

Meanwhile, the IT and security professionals who are responsible for securing today’s IT systems and data are grappling with information overload. The nonstop torrent of information they receive, from a widening set of security solutions and data sources, about the configuration, performance, and behavior of their IT resources overwhelms their ability to process it.

If it’s not triaged and distilled, this flood of information can trap IT security analysts in reactive mode, where – as Observable CTO Patrick Crowley says – they “spend the vast majority of their time chasing down false positives.” Fortunately, one of the more vexing sources of information overload can be addressed today by using a new class of network security solution.

At its core, information overload is a problem because machines are generating huge volumes of log data, which is not suitable for consumption by humans (including security analysts). Endpoint modeling is a new approach to IT security that enables automatic detection of security problems, wherever they may be lurking in the volumes of data confronting the analyst. It does so by consuming machine-generated log data, and producing alerts that are easily consumable by humans.

For every connected resource in an organization’s footprint – including networks, servers, devices, applications, data, and users – a specialized entity, the endpoint model, is created to track that resource’s normal role and behavior. As a result, when any resource behaves abnormally (that is, deviates from its model), the deviation stands out in sharp relief. When that happens, the endpoint-modeling solution provides near-real-time security alerts, which enable the analyst to take fast, effective action to defend the IT environment.
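
A minimal sketch of the endpoint-modeling idea described above, added here as an illustration and not Observable's implementation: it learns each endpoint's normal peers and transfer sizes from flow records, then reduces new records to a short list of alerts. The record layout, host names, addresses and the 3x volume tolerance are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: (endpoint, destination, destination port, bytes sent)
BASELINE = [
    ("printer-01", "10.0.0.5", 9100, 1200), ("printer-01", "10.0.0.5", 9100, 1500),
    ("web-01", "10.0.0.20", 5432, 40000), ("web-01", "10.0.0.20", 5432, 52000),
]
OBSERVED = [
    ("printer-01", "10.0.0.5", 9100, 1400),    # matches the model
    ("printer-01", "203.0.113.7", 22, 900),    # peer never seen before
    ("web-01", "10.0.0.20", 5432, 900000),     # known peer, abnormal volume
    ("cam-07", "10.0.0.5", 80, 300),           # endpoint with no model
]

class EndpointModel:
    """What one endpoint normally does, learned from its flow records."""
    def __init__(self):
        self.peers = set()     # (destination, port) pairs seen while learning
        self.max_bytes = 0     # largest single transfer seen while learning

    def learn(self, dst, port, nbytes):
        self.peers.add((dst, port))
        self.max_bytes = max(self.max_bytes, nbytes)

    def deviations(self, dst, port, nbytes, tolerance=3):
        reasons = []
        if (dst, port) not in self.peers:
            reasons.append(f"new peer {dst}:{port}")
        if nbytes > tolerance * self.max_bytes:
            reasons.append(f"{nbytes} bytes is over {tolerance}x the learned maximum")
        return reasons

def build_models(flows):
    models = defaultdict(EndpointModel)
    for src, dst, port, nbytes in flows:
        models[src].learn(dst, port, nbytes)
    return dict(models)

def detect(models, flows):
    """Reduce raw flow records to a short list of (endpoint, reasons) alerts."""
    alerts = []
    for src, dst, port, nbytes in flows:
        if src not in models:
            alerts.append((src, ["endpoint has no model"]))
        elif reasons := models[src].deviations(dst, port, nbytes):
            alerts.append((src, reasons))
    return alerts

if __name__ == "__main__":
    for endpoint, reasons in detect(build_models(BASELINE), OBSERVED):
        print(f"ALERT {endpoint}: {'; '.join(reasons)}")
```

Four observed records yield three alerts; the record that matches its endpoint's model produces none, which is the triage the analyst would otherwise do by hand.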

By attacking information overload in this manner, endpoint modeling simplifies the challenge of understanding what every connected IT resource is doing, and gives the IT/security professional a fighting chance of defending against potential threats. Endpoint modeling also benefits the organization, by freeing up the finite time and energy of its IT guardians, and allowing them to accomplish more on other tasks. And until the next generation of cybersecurity professionals arrives to fill the talent gap, it shows that innovation and automation can help keep pace with growing risks.

Experience Dynamic Endpoint Modeling on Your Own Network

Getting better visibility into your network and improving your security couldn’t be easier. Sign up for a free, no-risk trial of Observable’s Endpoint Modeling solution, and change the way you see security.
