How to address the cybersecurity talent shortage

Aug. 14, 2019
Organizations need to start thinking outside the box when it comes to searching for job candidates

The growing cyberattack surface, ongoing regulations and requirements, and the endless onslaught of digital threats have necessitated more adept personnel than ever before, yet the security skills chasm is only widening. Recent estimates, according to (ISC)², place the skills shortage at just under three million positions, with a half-million in North America alone.

While organizations have been doing their best to find creative solutions to the problem, the industry continues to struggle to meet the current and future demand. Many businesses have turned to hiring general IT professionals and set up training programs – and then training them on cybersecurity. 

While this stop-gap approach provides some relief, it’s no silver bullet. The greatest challenge lies in finding experienced security practitioners and those can’t be created overnight. The market is reacting: More students are taking up cybersecurity, universities are building cybersecurity programs, alternative educational programs are emerging and more existing IT pros are choosing to specialize in security. Yet, the gap continues to widen.

How Can You Attract Adequate Talent?

Experience is only half the issue. With so many organizations searching for the right fit, the competition is fierce. Companies must step up their game when trying to recruit and retain. Here are some recommendations:

  • Money talks. Ensure you offer competitive salary and benefits packages.
  • Make the work environment more culturally stimulating. People who like where they work look forward to coming into every day.
  • Set up training programs to provide IT professionals with the necessary cybersecurity skills needed.

Companies also need to start thinking outside of the box, and beyond social media and career sites when searching for candidates. A few examples: 

  • Hire within: Existing employees might not have the IT and/or technical expertise required, but they are already immersed in the company and likely familiar with best practices, processes and procedures.
  • Hire former military/veterans: Many are looking for civilian careers after getting out, and most of these individuals have existing knowledge from working in the field. Many also hold a higher standard/work ethic due to the likelihood of holding various security credentials obtained in order to do their military jobs. They’re also great under pressure.
  • Look in places where you may not have thought about:  Peruse the CISSP or (ISC)² membership directories for candidates. Visit IT organizations or forums. While some of these individuals might not have the “appropriate” security experience, chances are they have ample tech experience, which could make the transition to a security field easier.
  • Develop relationships with local schools and universities: Take opportunities to showcase your company (for example, as a guest lecturer in computer science classes) to tap into graduates as they look for internships or post-degree jobs.
  • Consider women for roles:  One of the biggest untapped pools for cybersecurity professionals are female, who make up a small percentage of overall cybersecurity positions. Initiatives are underway to both showcase and mentor women in cybersecurity. These need to continue.

Skills Shortage in the SOC

Nowhere is the skills shortage more prevalent than inside the SOC (security operations center), where the increase in the volume of alerts requiring action far outpaces an organization's ability to keep up with skilled analysts. Security orchestration, automation and response (SOAR) solutions are gaining traction to help alleviate this “alert fatigue” because they increase the efficiency of existing SOC analysts, helping security teams get more work done.

While the industry continues to overcome the skills shortage problem, organizations need to jump at every opportunity to automate repetitive tasks and make their existing teams more productive in the meantime. Automation and artificial intelligence (AI) can reduce burnout by handling trivial, repetitive and mundane tasks that many entry-level security staffers spend most of their day doing.

Below are a few ways security orchestration can help address the talent shortage: 

  • Orchestration of disparate tools: When you break down the work of your typical SOC analyst, a lot of time is dedicated to so-called “swivel chair integration,” a slang term for copying and pasting from one tool into another and switching between screens and tools. Security orchestration does more than integrate disparate tools in a single pane of glass (which of course saves precious time), it also eliminates a lot of the specialization that is required to run each security tool independently.
  • Automated playbooks: Scalable and repeatable processes for incident response and triage are vital to analyst productivity. Security orchestration lets teams automate the repetitive and manual tasks that are carried out in response to common indicators of compromise.
  • Tribal knowledge capture: What’s worse than trying to hire a new analyst? Having your most experienced analyst leave, along with the wealth of knowledge he or she has accumulated over the years. Security orchestration playbooks put the wisdom of your most experienced analysts into the hands of everyone.
  • Faster analyst ramp-up: With a structured workbench for the SOC analyst, new hires can execute playbooks on day one, with step-by-step guidance on how to proceed with an investigation and clear escalation paths.
  • Self-documentation: Nobody “loves” documenting security incidents. With built-in collaboration and case management, security orchestration allows security analysts to spend more time investigating and less time creating and generating reports.
  • Bottleneck identification: The best security orchestration platforms include powerful business intelligence (BI) and reporting that let SOC managers identify bottlenecks and act to remediate them, further increasing analyst productivity.

SOAR should be looked at as a force multiplier that will not only ease the burden on overtaxed and skills-starved security operations teams by helping to automate and accelerate the critical threat detection and response process, it will also free up existing analysts to concentrate on more specialized security tasks that will more firmly move the needle to drive tangible business impact.

About the Author:

Nimmy Reichenberg has extensive experience growing innovative companies into global brands, and is currently the CMO of security orchestration, automation and response (SOAR) provider Siemplify. Follow Nimmy on LinkedIn or @nreichenberg on Twitter.