What We can Do to Bridge the Cyber Skills Gap

Part 3 of 3

The talent crisis is real. As an industry, we can’t wait years for a solution. The good news? Today, companies can use automation to help bridge the talent gap. Incorporating the automation of specific cyber tasks makes it possible to increase efficiency and productivity while maintaining a strong security posture. With the help of security automation, security teams can mitigate active threats, saving time and money.

Yet automation is not enough. Companies need to do even more. Businesses must change job requirements, foster greater diversity in the workforce, develop well-designed company apprenticeship programs and work with schools to broaden the talent pipeline.

Automation Can Play a Part

As we noted in Part II of this series, automation can help bridge the cyber skills gap. When based on accurate data, machine learning can help analysts quickly find the needles (threats) amongst the many haystacks (log data) that they struggle to review and stay ahead of. Using automation, coupled with machine learning, gives less trained/skilled analysts the power of more senior experienced analysts. For example, with Starlight, a senior analyst can create advanced automated threat hunting queries and make them available for junior analysts to use. The junior analysts don’t need to understand the query, just whether or not the output is positive. Automation can also take the higher volume, less complicated queries and automate the responses so analysts can focus on more serious/complicated threats.

Despite common misconceptions, automation cannot completely replace humans. Companies need to do even more to help solve the security talent crisis.

We Need to Close the Gap with Humans

Solving the skills gap crisis requires a different way of thinking, for organizations and talent. Cultivating a security mindset is priority. Changing the culture takes time, but organizations need to broaden their idea of what a good candidate looks like and consider a range of potentials.

Change job requirements: Finding the security unicorn (someone exactly matching your job description) is difficult. Today’s teams should look to hire aptitude and attitude. Candidates with both of those can be taught to be security professionals.
Embrace diversity: The need for greater diversity goes without saying. Diversity in our teams improve everyone – women, minorities and veterans are just a start. Different views, ideas, approaches make everyone better.
Work with schools: STEM in general needs to be made more exciting so we can get students interested at younger ages. Let’s find creative ways to get young people interested in the tools/methodologies that created those video games and social media.
Encourage apprenticeship programs: While it’s important for four-year education institutions to continue to build cyber security programs, it’s equally important for trade schools to pick up the mantle with regards to training cyber security professions.
Look in Unexpected Places. Consider employing autistic individuals. People with autism often have high intelligence, careful attention to detail, intense commitment to high quality work and out of the box thinking — a specific gift and aptitude for cybersecurity. Analytical minds, coupled with attitude and aptitude, can accomplish anything!

And One More Thing We Can Do

Invest in and foster mentorship programs. Many people would love to receive career guidance and direction on how to get into cybersecurity. Mentoring needs to be top of mind for security leaders as we have the experience/skills the younger generation needs. Don’t wait for a younger person to take the initiative and discuss mentoring. In most cases, they don’t know much about mentoring and would likely be nervous about bringing up the topic. Giving back is very rewarding and something I highly recommend.

We Need to Start Today

More than ever, we all rely on the emerging digital economy. Over the next five years I expect to see significant advancements in quantum computing, AI, and automation. Quantum computing potentially has the power to break all current encryption schemes in minutes – which means we have to be better at protecting our data. Artificial intelligence coupled with automation is evolving quickly. At some point, the bad guys will be pointing their versions of AI against the good guys.

There is no one-size-fits all approach. It’s not humans versus machines. We need both.

Read the first part of this series here.

Read the second part of this series here.

Dave Barton is Chief Information Security Officer, Stellar Cyber. With over 20 years of security experience, he has served as CISO across several industries including telecommunications, healthcare, software development, finance and government.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.