The Internet wants you! Solving the cybersecurity skills shortage

It’s now week four of National Cyber Security Awareness Month, the annual campaign organized by the Department for Homeland Security to raise the profile of cybersecurity for individuals and enterprises.  The focus this week is “The Internet Wants You:  Consider a Career in Cybersecurity” which aims to highlight the range of opportunities in the sector.  As the campaign’s website points out, the U.S. Center for Cyber Safety and Education estimates that by 2022, there will be a shortage of 1.8 million information security workers in the USA alone.

Of course, the cybersecurity skills drought is not a new issue. But it is a major cause for concern given that, despite the industry’s best efforts to attract IT talent to the infosecurity sector,  demand far exceeds supply. In other words, it’s an employees’ market, with strong career potential.

As the campaign’s website reminds us, it is vitally important that universities, colleges and schools prepare the best and brightest to fill the huge array of available cybersecurity positions. And this isn’t just about effective training:  it’s also about actively encouraging job seekers – both current and future – to consider cybersecurity careers. But no matter how you slice it, creating a security professional with 10 years of experience takes … well, 10 years.

Facing the issue head on

Whatever the reason for the shortage of talent, it’s clear that something needs to be done– especially when there’s no shortage of hackers and cyber criminals.  So, what more can employers of those cybersecurity professionals do to attract and retain talent?

At AlgoSec, we’ve blogged in the past about the ‘cybersecurity brain drain’, the very real and legitimate fear that many established cybersecurity professionals have of becoming deskilled, because their current employer simply doesn’t keep up with the latest security products, risks and threats.

The cybersecurity threat landscape is enormously dynamic, and organizations have a responsibility to keep abreast of changes, not just in order to protect their own networks, but also to ensure their staff are operating at the highest possible levels.

The role of automation

Enterprises employing cybersecurity professionals should consider the role that automation can play in alleviating the skill shortage – by strengthening their overall security posture, by making the business more agile, and by helping to retain security talent.

All too often, automation is framed negatively when it comes to employment, the assumption being that it replaces skilled workers.  In cybersecurity, however, the opposite is true – automation actually dramatically frees up skilled professionals from the monotonous work of ‘keeping the lights on’, such as manually maintaining existing systems, sifting through security alerts, and laboriously making device configuration changes.

Automated security policy management streamlines and self-documents these processes, tightening up security and compliance. From the point of view of security staff, this level of automation frees up valuable time, enabling them instead to take a far more strategic and long-term approach to their organization’s cybersecurity posture.  It also gives security staff the opportunity and time to further develop and utilize their skills.

Both of these techniques – investing in staff training and development, and automating manual and repetitive security processes – have the effect of improving the organization’s cybersecurity posture and ensuring its cybersecurity staff are highly skilled, motivated and committed. There is certainly more work to be done in terms of encouraging people to enter cybersecurity careers, but once they get there it is vital that organizations work hard to keep them.