Shortage of CyberSecurity professionals may be crippling! What can companies do until supply meets demand?
For several years now, I have heard dozens of CyberSecurity expert speakers bemoan the fact that there simply are not enough professionals in the market with the needed CyberSecurity skills to meet the ever-increasing demand. Unfortunately, this problem is not new, and we may not see a solution for years to come.
A report published last year by McAfee and the Center for Strategic & International Studies, entitled "Hacking the Skills Shortage," stated that 71% of respondents interviewed believed that the current shortage of skilled security workers does direct and measurable damage. Overall, 82% of respondents reported a shortage of CyberSecurity skills in the marketplace. It is conservatively estimated that there are more than a million positions currently vacant on a worldwide basis. The situation is made worse by the fact that criminal cyber activity is on the rise, and at a very fast pace. We really don’t need a study to know this; just a brief look at the news on most days is enough to make a sane IT manager cringe.
Created in 2014, the Florida Center for CyberSecurity at the University of South Florida in my hometown of Tampa, FL, has been taking a leading role in preparing security professionals for the future with its research and education programs. It has also made a commitment to training for our returning veterans, which is great in so many ways. Unfortunately, we are still well behind the demand curve. So what can companies do?
In my view, there are essentially 3 ways to address this issue. First, hire smart IT professionals and provide them with the cyber security training needed to be proficient. While at first glance this seems to make a great deal of sense, it is very time-consuming and quite costly, and businesses run the risk of employee turnover, with their newly minted security professionals jumping ship for a 20% pay raise down the block.
The second approach is to invest in more technology and do your best to automate threat prevention, detection and resolution. There are some really powerful tools on the market from industry leaders like HPE, AlienVault, Splunk and many others. They do, however, lead to some unforeseen challenges. The first, of course, is cost. Licensing your IT environment with tools like these can require a sizeable investment for license acquisition, hardware acquisition and installation, annual maintenance, implementation/customization, staff training, and ongoing monitoring and human oversight. These are all solid solutions, but the total cost of ownership needs to be very carefully evaluated as well as closely managed. That said, if this is your preference, fasten your seatbelt and hold on tight as you present your business case and budget request to the senior leadership of your company. It may be a bumpy ride.
The third approach is to simply outsource IT security to teams of seasoned experts who will focus on safeguarding your information day and night. One of the most cost-effective approaches is to contract with a company that is a Managed Security Services Provider (MSSP) or provides Virtual Security Operations Center (SOC) services. You can also contract for a Virtual Chief Information Security Officer, or CISO, to oversee your security infrastructure and policy on a shared basis. For IT managers who like to see and touch all of their systems, this may be a tough pill to swallow, yet there are several significant benefits to these solutions.
First, because of their shared service model, these MSSPs leverage the extensive experience of industry subject matter experts (SMEs). Typically they are the thought leaders in the industry who have done this work for years and who can be at your beck and call. Managed Security Service Providers like Sattrix USA assemble teams of experts at diverse locations to provide advanced security service to clients.
The second and equally important value proposition that MSSPs bring is best-of-breed technology. MSSPs have the benefit of leveraging substantial security investments across multiple clients, allowing them to invest in the leading, top right quadrant of software and hardware solutions deployed for monitoring and protection against cyber-threats. This approach favors organizations with a limited budget who simply cannot absorb a six-figure software implementation plus all the related cost.
Bad actors do not work 9 to 5 jobs! MSSPs can provide 7 x 24, around-the-clock support, keeping an eagle eye on your environment, ready to act the moment a threat is suspected or detected. Only the largest enterprise organizations have the luxury of staffing 3 shifts to keep predators at bay.
Finally, outsourced security services are generally offered for a fixed monthly cost with little or no startup spend to get going. Financial managers love the fact that they can accurately forecast the cost of security management and protection for as many as 3 years. They are even happier that these fixed costs are usually a fraction of the cost of deploying an in-house security solution.
The shortage of security professionals is a significant threat to businesses today. It is up to IT leadership to decide on a strategy that works for their business and take action. The threats are not slowing down by any measure!
Sattrix USA offers a broad range of solutions to protect businesses from a wide range of cyber-attacks, including managed security services and cyber assessments, to name just a few. We can also provide your organization with education to create awareness for your colleagues, senior management or decision makers.
Sattrix USA has built long-term trusted relationships with organizations like the Department of Defense, many Federal agencies, and large corporate enterprises by providing a broad range of highly effective security solutions.