Overcoming the Cybersecurity Skills Gap


For several years now, the “cybersecurity skills gap” has been a top challenge for organizations. The statistics are well-vetted, and they tell a clear story:

There are many unfilled security jobs: The industry is facing 1.5 million unfilled IT security jobs globally by 2020.

The hiring problem is getting harder to figure out: Ninety-two percent of businesses say it’s increasingly difficult to find skilled security candidates.

Security teams need immediate help: The average organization needs to process more than 200,000 pieces of security event data per day.

While cybersecurity training seems to be experiencing a groundswell moment, (e.g., BT Security recently partnered with ISC(2) to train security staff), solving this problem will take years, and the skills challenge will likely get worse before it gets better.

With that in mind, there are steps that organizations can take today to bridge the skills gap and improve the efficiency and effectiveness of their current personnel.

Identify Your Organization’s Skills Gap

The first step is understanding how the skills gap impacts your specific organization.

Build an organization-specific baseline by understanding the threat landscape and available resources. Factors like industry, the specific incidents the team faces, and real-world experiences responding to these incidents should all be considered. This will create a picture of the skills you have versus those needed.

Test this analysis further by coordinating simple tabletop exercises and simulations – both to validate the appraisal, and find gaps you may have overlooked.

Of course, any approach for solving the skills gap will evolve over time. Have a plan that expects to change.

Streamline Appropriate Security Processes

With a clear sense of the skills you have versus the skills needed, any organization can start to take action to shorten the gap. One effective and emerging option is to automate security operation processes – helping to leverage existing employees, and freeing them to be more strategic.

Which tasks should be automated? It varies from organization to organization. Identify the top candidates by analyzing which tasks are the most time-consuming, and take least expertise. For example, does the team spend too much time pulling data and formatting reports, or managing IT tickets? And on the flip side, consider which tasks won’t be too risky or complicated to automate.

It’s also smart to orchestrate processes before fully automating them – building scripted actions that ensure human decision-making in the process. This allows the team to test the processes’ fidelity and build a level of comfort before fully automating.

Explore Outside Help

Invest more in training and optimizing the usage of existing staff. Once again, this starts with understanding the business. Metrics, such as time-to-completion on individual tasks and workload balance, can provide a clearer understanding of how your resources are deployed, and how effective they are at certain tasks.

Third-party resources provide help in two ways: training and outsourcing.

For training, consider partnering with outside organizations, such as SANS, CERT, or NICCS, or other online educational resources. While there are plenty of available options, the key to success is making it a priority for the team to commit to improving their skills.

An outsourcing engagement can cover a variety of responsibilities. Examine if you simply need emergency resources on-call to help with a major crisis, or if it’s possible to offload the basic, repeatable tasks to a third party, which will allow your internal staff to manage the more significant events.

Bridging the Skills Gap

There are signs that the security industry is taking the sort of broad steps to solve the skills gap, but it’s up to security leaders to ensure that their organizations take immediate steps to shorten the gap today.

John Bruce is CEO and Co-Founder of Resilient, an IBM Company. Follow @resilientsys

Trending on Xconomy