A clear and present danger: addressing the cyber-security skills shortage

For cyber-security professionals, it’s an accepted fact that cyber-attack vectors never really get eliminated permanently – they merely slide up and down the threat scale, becoming less prevalent for a while before re-emerging with a vengeance. But with so much focus directed outwards at the ever-changing threat landscape, the security sector has overlooked a persistent, long-term threat that has now grown into a very clear and present danger to organizations: the cyber-security skills shortage.

With 80% of organizations now affected by the lack of cyber-security talent available, as part of National Cyber Security Awareness month the Department for Homeland Security is looking to raise awareness of the issue throughout the course of this week. There are multiple reasons why there’s such a shortage of skilled security staff, from cyber-security not featuring in compulsory education to a failure by the sector to engage with the future workforce. But in today’s rapidly evolving threat landscape, the issue needs to be addressed, and fast.

The good news is, there are practical steps that organizations can take to help address the skills shortfall, and to attract and retain security talent. Let’s take closer look at these.

Invest in your staff

Organizations have a responsibility to keep up to speed with the dynamical threat landscape, not just to protect their own networks, but also to ensure that their staff can operate at the highest possible levels to support the company’s security posture. If the business doesn’t engage the full talents of the professionals it already employs, it runs the risk of them becoming deskilled. This cybersecurity brain drain is a pressing issue in companies that fail to keep up with the latest security technologies, products, risks and threats. As such, it’s vital that organizations invest in ensuring that their security staff stay up to speed with the latest developments in the sector, through ongoing training.

Automation matters

Another strong contributing factor to skilled staff leaving the security sector is that, all too often, staff spend a majority of their time on repetitive, dull, manual processes that achieve little more than ‘keeping the lights on.’ These processes include maintaining and making changes to existing systems and sifting through massive security logs. To address this, organizations should consider the role that automation can play by taking over these tedious, unrewarding tasks from employees, so that they can instead focus on more strategic, and engaging, security-related work.

There is a common misconception that automation has a negative impact when it comes to employment, with the assumption that it replaces people. In cyber-security, however, the opposite is true – automation takes away the manual ‘grunt’ work of making device configuration changes and paper-based audit preparations.

Automated security policy management streamlines and self-documents these processes, tightening up both security and compliance. From the point of view of security staff, automation frees up valuable time, enabling them to focus on more long-term, strategic business issues and giving them the opportunity to further develop and utilize their skills.

Automation also eliminates configuration mistakes and significantly speeds up security processes, making the business more agile. As an added bonus, because it logs every change and process, automation even ensures that all the paperwork is done without ever complaining.

Together, these approaches – investing in staff development and training, and automating manual, repetitive security tasks – will improve the organization’s cyber-security posture and help to ensure that its cyber-security staff retain their skills and motivation— and stay with the business. An experienced security team is a huge asset to any organization, and automation plays a key role in maximizing the value of that asset – helping the business to be more secure and more compliant.