Cybersecurity Analytics and Operations Skills Shortage

Ability to detect and respond to threats is greatly impeded by a lack of skills and staff. Leading organizations offer a few suggestions.

If you’ve followed my writing, you know that I passionately broadcast issues related to the global cybersecurity skills shortage. Allow me to report some sad news – things aren’t improving at all. In 2016, 46% of organizations reported a problematic shortage of cybersecurity skills. In 2017, the research is statistically the same as last year: 45% of organizations say they have a problematic shortage of cybersecurity skills.

Now these numbers point to an overall dearth of talent but the cybersecurity skills shortage is especially pronounced in cybersecurity analytics and operations.  For example:

  • According to 2016 research conducted by ESG and the Information Systems Security Association (ISSA), 33% of respondents said that their biggest shortage of cybersecurity skills was in security analysis and investigations. Security analysis and investigations represented the highest shortage of all security skill sets.
  • Recent ESG research reveals that 54% of survey respondents believe that their cybersecurity analytics and operations skill levels are inappropriate, while 57% of survey respondents believe that their cybersecurity analytics and operations staff size is inappropriate.

The ramifications of skills and staff deficiencies are also apparent in the research.  Cybersecurity operations staffs are particularly weak at things like threat hunting, assessing and prioritizing security alerts, computer forensics, and tracking the lifecycle of security incidents.

Of course, many CISOs propose an easy fix – simply hire more cybersecurity staff to bridge the knowledge and staffing gaps.  In fact, 81% of the cybersecurity professionals surveyed say that their organization plans to add cybersecurity headcount this year.

Unfortunately, this isn’t always easy to do.  According to the ESG research, 18% of organizations find it extremely difficult to recruit and hire additional staff for cybersecurity analytics and operations jobs while another 63% find it somewhat difficult to recruit and hire additional staff for cybersecurity analytics and operations.

Given the fact that CISOs can’t hire their way out of this mess, what can they do?  Here are a few things I see leading organizations undertaking to address the skills shortage:

1. Pushing on automation and orchestration. CISOs are assessing security operations processes, developing formal runbooks, and using technology to help add automation and orchestration to staff sweat and brainpower. Tools from vendors like IBM (Resilient), Phantom, ServiceNow, Siemplify, and Swimlane can be helpful here.

2. Kicking the tires on machine learning. Slowly but surely, large organizations are figuring out the right use cases for machine learning technologies that can help them prioritize and investigate true security incidents. Promising vendors include DarkTrace, E8, Exabeam, HP (Niara), IBM (Watson), Palo Alto Networks (LightCyber), Splunk (Caspida), and Vectra Networks. CISOs should cast a wide net here, however, as there is a lot of innovation happening quickly.
