Cyber security is a people issue on both sides of the equation: insiders who may pose a threat (intentionally or not) and the professionals tasked with preventing threats. There is a dramatic shortage of skilled cyber security professionals.
Studies indicate a gap of 3.5 million cyber security positions – jobs that companies are hiring for but unable to fill – by 2021.
In addition, in the wake of the recent Equifax breach, there’s been a sharp focus on credentials in the cyber security space after news broke that the company’s chief security officer has degrees in music. This news, in turn, elicited various viewpoints regarding the value of certificates and just what makes a talented security professional.
Agreement On Skill Shortage
There seems to be plenty of agreement that there is a shortage of qualified personnel to fill the many open cyber security positions.
- “We’re as close as possible to our unemployment rate being zero,” said Sam Olyaei, senior research analyst, at Gartner Security & Risk Assessment Summit in National Harbor, MD. “If you’re a cyber security professional with any kind of skill set, you already have a job and multiple offers on the table.”
- An intelligence official noted that to be effective in cyberspace, the United States needs about 30,000 people with specialized security skills—it currently has 1,000.
Differing Views On Path to Skill Attainment
Is a technical degree a prerequisite for a senior security position? There are differing viewpoints on this question.
- Marketwatch says: When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company’s data security. Note: If you dig a bit deeper, you learn that the Equifax chief security officer did have previous senior security experience.
- Others believe that a technical degree is not necessarily a mandatory requirement in the cyber security field. In technology, that piece of paper you graduated with matters less than you many think, according to some practitioners. This is particularly the case with information security, where the threats are constantly changing and adapting. “It is extremely common for …firms to hire workers with nontechnical degrees”, said Wendy Nather, the principal security strategist at Duo Security. “It’s really important to bear in mind that any sort of static qualification at some point is probably not a good way to judge anybody’s contribution to the field.”
And, if you’re looking for a combination of a cyber security degree and several years of experience, that could be a tricky pairing to find. Degree programs in security haven’t been around for very many years, making it impossible to have both the degree and the experience.
Addressing the Skills Gap
Here are a few recommendations on ways to address the cyber security skills gap.
- Machine learning to prioritize and investigate, and managed services to help augment staff are a few of the recommendations from Jon Oltsik, CSO, principal analyst at Enterprise Strategy Group. He goes on to call for additional support: “The cyber security skills shortage is an existential threat that impacts all of us. As such, national governments need to do more.”
- Training junior in-house staff and supporting staff in certification attainment are recommendations cited by many.
- Automation is a recommendation suggested by most experts who comment on the security skill shortage. A publication from Deloitte University Press states that with the use of advanced analytics, automation, and artificial intelligence, it’s possible to “train the technology” to deliver key insights that optimize cyber professionals’ work, streamline operational processes, and improve security outcomes.
One automation solution organizations can use to supplement their security team’s effort is online monitoring software. This category of software allows IT to listen for insider threats, monitor activity, and establish alerts for suspicious activity.