Cybersecurity attacks continue to grow at exponential rates. Every day, we hear news stories of cybersecurity breaches across public and private sector organisations. The far-reaching cybersecurity breaches of the last 12 months has served as a undeniable wakeup call of the heightened importance of cybersecurity.
The recent uncovering of the Solarwinds supply chain attack shows how massively impactful cybersecurity attacks can affect and impact government and a great many large global corporations.
According to the Wall Street Journal:
“The attack blended extraordinarily stealthy tradecraft, using cyber tools never before seen in a previous attack, with a strategy that zeroed in on a weak link in the software supply chain that all U.S. businesses and government institutions rely on—an approach security experts have long feared but one that has never been used on U.S. targets in such a concerted way.”
18,000 government agencies and companies are said to have been affected in the great Solarwinds attack that uncovered “a critical vulnerability in America’s technology infrastructure” The Journal reported.
Most In-demand Jobs
It’s a well-known reality there’s an acute shortage of advanced cybersecurity skills. Skills such as experienced cybersecurity threat hunter, incident responder, or cloud security architect are just but a few in high demand jobs being highly sorted.
Given that cybersecurity defence are human driven, yet technology powered; it’s obvious that application security specialists, cloud security specialists, security analysts and SOC analyst are always in demand amongst other in-demand job roles.
Our current reality is seemingly the new reality, which is the simple law of supply and demand. Companies are more than willing to engage in bidding wars over experienced and highly qualified skilled experts. The highest bidder almost always gets better access to more skilled talent pool.
A matter of fact is that it will take many years before we start to see the demand for skilled security experts being met.
SOAR and AI: Not the talent shortage panacea
Underpinning most marketing and cybersecurity solutions are technology developments: AI (artificial intelligence) and SOAR (security orchestration, automation, and response).
While these cybersecurity technologies, solutions and innovations are essential and given that everyone likes to tout the magic of its capabilities; for cybersecurity the truth is that there is no such thing as SOAR & AI being that panacea to the ongoing barrage of cybersecurity attacks and the talent shortage.
According to Forrester
We’ve seen AI misconstrue athletes as felons and cause investors to lose millions daily. The ultimate lesson here is that AI is only as good as the model on which it’s built. AI and automation lose to human beings because we’re unconstrained and do the unpredictable, which is exactly what attackers do in security.
The core capabilities of human beings are AI’s blind spots; “humanness” is simply not yet (or possibly ever) replicable by artificial intelligence. We have yet to build an effective security tool that can operate without human intervention. The bottom line is this: Security tools cannot do what humans can do.
Security vendors touting SOAR and AI solutions being as a flip-switch replacement with words such as “Fully-Automated Incident Detection, Investigation, and Remediation” and pushing ideas that the capabilities and features of their AI and automation will completely replace human beings – are totally inaccurate and erroneous.
While AI and SOAR can improve the time taken to detect threats and breaches, the matter of fact is “AI and automation only regurgitate what they’re fed”. Good quality, up-to-date data sources and complete sanitised datasets are equally of great importance.
Bridging the Gap
Employers must acknowledge first and foremost; the talent demand curve is still high. This conclusion is supported by market studies, various survey results, and the high salary premiums commanded by cybersecurity professionals. The steady stream of demand for their skills is high and the supply of their skills is low.
The cybersecurity talent shortage problem is a microcosm for the bigger issue here. Employers have to look at several pipelines – people from diverse fields needs to be attracted to this pool. Various sources of talent should be considered.
Here are three steps for enterprises to take:
1. Cyber Range: Cyber Ranges – that is, software virtualised platform – helps new and experienced cybersecurity professionals simulate attacks, such as denial-of-service or ransomware, and test abilities to respond. More like the flight simulators used by Pilots, Cyber ranges helps increased cyber resiliency and helps bridge the practical knowledge of theory-based certifications.
2. On Demand Training: Designed to help organizations like yours improve their security techniques, IEEE’s Cyber Security Tools for Today’s Environment is an 11-course training program available 24/7, allowing professionals to learn at their own pace, at a time that’s most convenient. This program is ideal for technical professionals in IT, computer science, and related fields who want to enhance their knowledge and stay current in the cyber security field. Upon successful completion of the program, participants receive CEUs/PDHs that can be used to maintain their engineering licenses. Connect with an IEEE Content Specialist to find out how to bring this program to your organization today!
3. Training for the Race – Academically: Competitor talent poaching has long been a strategy that most companies rely on. Yet, such strategy are almost always short-term at best and can be a vicious circle. Both on a long and short term, organisations need to work with academia and government as one of numerous ways to close the talent gap.
DataSixth believes many cybersecurity jobs can be filled through a “green horn” approach that involves tapping and influencing collage and universities. Therefore, the content of any university curriculum teaching the subject needs to be constantly receiving input from enterprise cybersecurity experts who are up to date with the most recent methodologies and strongly aligned with cyber experts who are fighting the cybercrime war on a daily basis.
By exploring various “green-horn” approach, investing in people, at the right time, with the right training, organisations can help fill cybersecurity gaps.
DataSixth Training Academy can provide to support your company’s talent shortage, not only for the looming skills gap, but also working collaboratively working with your organisation to find and recruit top talent outside the conventional pipeline.
At DataSixth, we’ve made it our mission to close the cyber security skills gap with services delivering continuous learning, talent upskilling, and cyber range. Contact us to see how we can help you upskill, reskill, and retain your cyber workforce.