There’s a deep problem in the Cybersecurity world, and it’s only getting worse. According to the 2015 Global Cybersecurity Status Report from industry association, ISACA, a huge 90% and 87% of US- and UK-based IT and security professionals respectively testified to there being an international shortage of skilled cyber-security professionals, with direct impact on these organizations’ ability to prepare and fend off sophisticated attack as a result. There are several reasons for this- it is a fairly new profession, and adoption is slow.
Not enough academic and professional institutes are teaching it and it is not certain that it is even feasible to quickly to academically train people for such positions which require immense hands-on experience. They are not simply making infosec professionals fast enough, and it’s not likely to change soon. ven if several initiatives (such as ISACA Cybersecurity Fundamentals Online Course) will gain traction and start delivering qualified (though not experienced) cybersecurity employees it will still not be sufficient to fulfill the need for experienced IT security professionals, Cyber intelligence analysts and Cyber executives- all of which are positions require many years of experience. Moreover, the requirements from such professionals are constantly increasing, as more and more technologies fall under cybersecurity definition- mobile, cloud etc. On the other hand, the bar for successfully hacking is constantly dropping- the proliferation of “Off the shelf” tools and kits means that there’s inherent asymmetry between the levels of training and knowledge we demand from our infosec folk vs. what the bad guys are doing ( or, to put in another way, it does not take more than a “script kiddy” to successfully attack a veteran IT pro). So can we do? First, it is clear that better training methods are required. Online courses, cyber training ranges and simulators and on the job training could all be incorporated into the modernized training curriculum. But even if this will facilitate the training, there will still be immense staffing gaps, so we must assume that in the foreseeable future the industry will function (or try to) understaffed. So we must employ a more technological approach to cybersecurity operation itself. We must provide cybersecurity personnel, analysts and executives tools to reduce the load they are faced with, to prioritize and maximize their technical and human resources. And the technology is moving rapidly towards this direction. Big data analytics, machine learning and artificial intelligence. Take threat intelligence for example. Today the organization who receive intelligence from multiple relay on very skilled analyst to correlate and gain insights from the information. This may be doable today but will not be possible when the quantities of data will increase exponentially, if because additional vendors which are now coming into the market or simply because the amount of information is exploding. Or cyber risk assessment- with so many variables to take into consideration, it requires an extremely proficient CISO to actually comprehend the risks and correlate these to security controls to identify gaps and shortcomings. And event management? Try sifting to thousands of daily alerts to find the one which is truly critical. Good luck with that- without proper AI it is almost impossible to reduce the noise level and see the relevant information alone Since we are not going to solve this manpower gap and we foresee a rise in the quantities of data and complexity of the security systems, we must provide the people in the cyber frontlines with better tools to facilitate their work. The technology is moving in the right direction, we just need to make sure it will focus on helping the humans fight the bots and the malicious humans on the other side, not burry them in additional labor.