The cybersecurity industry has been talking about the sector’s talent gap for years. Decades actually. And it shows no sign of disappearing. According to a Gartner survey, 61 percent of organizations admitted that they are struggling to hire security professionals.
Today, the situation has reached crisis levels.
(ISC)2 released research that estimates the U.S. cybersecurity workforce needs to grow by more than 60 percent to meet demand today. Globally, the situation has gotten worse, requiring growth of 145 percent. The problem has become so critical that the Department of Homeland Security called it a “national security issue.”
While there are no quick fixes, the solution lies with a combination of technology, processes and people. AI, automation, diverse hiring practices, and giving back to the security community can offer some answers.
A role for AI and automation
It’s tempting to point to AI and automation as the answers to just about every business challenge today. In this case, they offer just part of the solution.
Machine learning and automation can take on a lot of the mundane work that cybersecurity analysts do, such as prioritizing security alerts, reducing false positives, and containing, investigating and remediating threats. It can also enhance a security team’s abilities with pattern matching. It can quickly detect attacker activity, such as lateral movement that would otherwise have required large amounts of time by security analysts.
When machine learning gets applied to tasks that are high-volume and repetitive, people can focus their efforts on problems that require human minds. Fortunately, security teams are generally receptive to this. According to our recent survey, 88 percent of cybersecurity professionals believe automation will make their jobs easier.
While technology can take care of a sizable part of the skills shortage, AI and automation aren’t suited to many tasks critical in cybersecurity. Tasks such as teaching end users good security practices and hunting down bad actors inside and out require the intuition, experience and expertise of actual good, committed, skilled people, not machines.
Delivering on diversity
There are huge numbers of talented people that the cybersecurity industry fails to attract. Fighting the continuous threats and external adversaries that cyber professionals face requires a multidisciplinary approach. Building a diverse team of people offers additional perspectives, creates a more holistic view of solutions, and delivers a range of valuable problem-solving skills. Diversity truly improves the overall outcomes of the team.
Organizations such as Advancing Women in Technology, Girls Who Code, Black Girls Code and WiCyS play an important role in bringing women into the industry. They deserve the support of the entire cybersecurity industry.
Companies can also foster inclusivity internally, with programs that invest in under-represented groups, whether through training and development, fostering community or information sharing. It’s also essential to educate companies on hiring practices that address and root out bias. For a sector chronically short of talent, there’s no excuse for further lack of progress.
The skills shortage also requires lateral thinking. For example, military personnel leaving the armed forces often have the aptitude and experience to thrive in the cybersecurity industry. Technical engineering experience, collaboration, an ability to think outside the box, a mindset of defending and the determination to succeed are found in abundance.
It’s incumbent on companies to open communication channels and give these high-value contributors a route to a rewarding career.
There are some organizations already making headway in this area, like NIST’s National Initiative for Cyber Education (NICE). But we can’t expect the government to intervene on a scale that will solve the problem. Employers have to open their doors to people outside their existing workforce and offer opportunities, training and support. This can include veteran recruitment programs and security and technical training discounts for former military personnel.
Where do we go from here?
Difficult problems can be tackled with fresh eyes, critical thinking and smart new approaches, along with persistence and teamwork. And we can apply the same thinking in closing the skills gap.
It starts by serving others and being responsible members of the cybersecurity community at large. It requires investing in education and learning opportunities for the next generation. It means opening our eyes to fresh perspectives and adding new voices to our teams. And of course, it means leveraging technology to help security practitioners work more efficiently.
I envision a future where organizations have all the cybersecurity resources they need. Where they achieve increased security and reduced risk because technology, processes and diverse people converge to make it happen. I hope other organizations and leaders will join me in working towards a solution that will bring that vision to life.
Nir Polak, chief executive officer, Exabeam