Feb 6, 2015
Cybersecurity drivers part 2: The talent shortage
Read More
If recent events have made anything clear it is that no institution is safe from an IT security breach. The Target data breach during the 2013 holiday made organizations finally stand up and take notice of the cybersecurity threat landscape. Revelations since then, like the news that Russian hackers were able to read President Obama’s non-classified emails, now have businesses and government organizations searching frantically for experienced security experts and effective security analytics and reporting solutions.
The fact that hackers were able to read the President’s emails opens up a slew of questions about what critical systems criminals might be able to hack as well, such as:
- Electrical grids
- Security measures at government facilities
- Weapons systems
Not surprisingly, in the face of these concerns organizations are increasingly emphasizing cyber security. A recent survey of CIOs from the investment bank Piper Jaffray, for example, found that 75 percent of respondents plan to increase IT security spending in 2015. Historically, the default strategy for improving cyber security has been to simply add staff in the security operations center (SOC). But that tactic is growing far more difficult, as IT security talent is in high demand and short supply.
Luring quality IT security talent isn’t going to get easier, either. In fact, a recent survey of IT and cyber security managers conducted jointly by RSA Conference and ISACA found that 52 percent of respondents said that less than a quarter of applicants have the skills necessary to fill open positions; 53 percent of these managers said it currently takes between three and six months to fill job openings. Further complicating the matter, top-flight talent is typically scooped up by giant corporations like Google and Facebook. So if government and private organizations that oversee critical infrastructure continue trying to meet security challenges by adding staff, we are all in serious trouble.
As the number and complexity of attacks continues to grow, organizations must move away from the “staff up” mindset. Because talent is so scarce, the personnel an organization already has—and specifically those employees’ time—is now a precious resource. Automating repetitive tasks in an SOC—like manually generating reports or closing support tickets—helps organizations conserve that resource by allowing experts to devote more time to mission-critical tasks.
Even if educational policies are changed today with the hope of producing more IT experts, it will be years before we will see the impact of that change. The talent shortage is a reality and will remain one for the foreseeable future. The question now is: How do we deal with it?
