Cybersecurity Help Wanted

Another report was just released that points out a critical challenge for CSOs and CISOs. Most concerning is that this challenge has been shown to contribute to cybersecurity incidents.

I ran across a new report that is well worth reading and sharing with others in your organization. This report is not about a new vulnerability, scam, malware or hacking campaign. It is about issues that are far more difficult to solve.

This report highlights today’s shortage of cyber security resources. This twenty-four-page report was produced by Intel (McAfee) and the Center for Strategic and International Studies (CSIS). The report focuses on the current state of cyber security resources in eight countries and includes a fair amount of supporting data.

Countries participating in the modeling.
• Australia
• France
• Germany
• Israel
• Japan
• Mexico
• United Kingdom
• United States

There are two key points in the report that should be highlighted. First, figure 5 of the report indicates the 35 percent of respondents said that “We can’t maintain an adequate staff of cybersecurity professionals.” This is not a new issue by any stretch. Two years ago the Rand Corporation published a study on the shortage of cybersecurity professionals and stated that it poses a risk to national security (Link http://www.rand.org/news/press/2014/06/18.html). The talent shortage has been known for several years and the problem has still not been solved. Even more concerning is that the demand for cybersecurity practitioners has and will continue to increase as we add billions of IoT (Internet of Things) devices, connected cars, wearable computing and smart cities.

Now add to that issue that it will take years to complete the current training. Once the initial training is completed let’s not forget the workforce will need continuous refreshing of their knowledge and skills in order to maintain their proficiency. Given the continuous change that is taking place in the cyber environment, this will be no small challenge. If that does not look like a big enough challenge take a look at figure 10 of the report. It indicates less than 1/4 of respondents believe education programs (universities or vocational) are fully preparing cybersecurity professionals.

The cybersecurity industry, and governments for that matter, have known about this problem for years and yet the problem still exists. In fact, the issue is getting worse from my vantage point. So just how do you plan to protect the growing information assets of your organization from the growing number of cyber threats until additional resources become available? This is a national security issue and that is not an overstatement. A well thought-out strategy is needed ASAP. That must be followed by flawless execution of that strategy if any relief will be seen in the next two to four years.

Here are a few recommendations. First, get with your local colleges, universities and trade-schools and work with them on a program that meets what is needed currently to be a cyber security practitioner. Second, speak to potential students – help recruit cyber security students for the schools. Third, work with schools to continuously infuse information about new cyber threats into their course loads.

A 2015 survey of more than 3,400 ISACA members in 129 countries determined that 86% of respondents see a global cybersecurity skills gap (http://www.isaca.org/pages/cybersecurity-global-status-report.aspx). That gap just increases the exposure every organization faces and even puts you the CSO and CISO at risk. Fourth, work with your human resource department to offer an apprenticeship or internship to further prepare the students to enter this extremely challenging field.

Finally, recognizing that you are competing for these resources. Cisco examined this problem and puts the global number of cybersecurity job openings at one million. Michael Brown, CEO at Symantec, stated that the projected shortfall of 1.5 million in 2019. This is one of those challenges that should be raised as a concern to executive management. They need to be aware of this critical issue and work with you to make sure your resource needs are met.

Kevin Coleman is a dynamic speaker, author, advisor, and visionary that provides riveting insight on strategy, innovation, and the high velocity technology. He was Chief Strategist at Internet icon Netscape and at another startup that grew to be BusinessWeek’s 44th fastest growing company. He has spoken at some of the world’s most prestigious organizations, including the United Nations, the U.S. Congress, at U.S. Strategic Command, and before multiple Fortune 500 organizations and briefed executives in 42 countries around the world.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.

Cybersecurity Help Wanted

Blog Topics

Security Blog

On the Track of OSAC

Blog Roll

Security Industry Association

Security Magazine's Daily News

SIA FREE Email News

SDM Blog

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Cybersecurity Help Wanted

Share This Story

Blog Topics

Blog Roll

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.