Currently, the cybersecurity sector is facing a severe expert shortage. It's more than evident that the Cyber Security industry as a whole needs more cybersecurity experts, but the hiring process turns many away. In fact, most of the time, it can take no less than three months to hire a real expert, which leads to bottlenecks and vulnerabilities in the network.
Every business, no matter their industry, budget, or size, needs to keep their data safe and secure and CISOs are the solution with specialized skills and expansive knowledge that can secure any network. With that in mind, as the workforce currently sits, even U.S. companies are in desperate need of cybersecurity specialists.
The Current Situation
As the market sits now, there are 350,000 vacant positions in the U.S. alone. The worst part? That trend isn’t going anywhere, according to CyberSecurity Ventures, the industry shortfall will rise to a stunning 3.5 million cyber expert vacancies. To put that in perspective, imagine that everyone in Los Angeles is a cybersecurity expert and they don't want to work for us at all. That's more than just a few shortages, and the world is taking notice.
Investing in education is only part of the solution, and if the industry as a whole wants to stay at the forefront of cutting-edge cybersecurity, other solutions are necessary. Here are a few solutions currently in the works.
On the Job Training
While getting students to pursue degrees specifically in cybersecurity is a fantastic goal, it's not always a possibility. That's where the hiring and training processes come into play. Rather than hiring based specifically on the piece of paper the student received after 4+ years, instead, we should hire based on fundamental skills, with the goal of developing these skills on the job.
This approach is increasingly being used by larger firms. Instead of browsing through resumes nit-picking for missing proficiencies, they instead look for the fundamental skills that will help them develop in the future. These can include an understanding of different operating systems, computer networks, Linux, and more. Once they hire, they'll then work to develop professional domain-specific skills like SANS and more.
Rationalize our security portfolio
Traditionally, companies would invest heavily in cybersecurity to address specific problem areas. While it's essential to have all of the areas covered, this approach can lead to many redundancies and wasted resources. In a best-case scenario, the firm might have 5-6 specific security tools, and in the worst case, they'll have over 50.
This means that they’ll need to hire more people to handle these specific tasks and master these tools. Instead, the new approach would be to bridge the technology gap and limit the amount of manual labor required to keep a firm’s systems secure.
The Role of Automation
Following this last point, it becomes clear that automation is the ultimate solution to reduce errors, labor, and redundancies. One example of automation at work in cybersecurity is in security monitoring and investigations. Many of these investigation procedures are executed with exactly the same steps over and over multiple times a day. Over time, the costs of paying a security expert to do these mindless tasks add up. To cut costs and reduce human roles, we must find ways to offload as many tasks as possible to automation and software tools so firms can focus on what really matters and what really requires a human touch.
The ATAR Solution
While the ATAR platform might not be able to change the hiring strategies of firms, but it can make a significant impact through automation after cybersecurity experts are working for your company.
ATAR sports an automation engine that seamlessly integrates with more than 100 different technologies today with a growing library of support application. With ATAR, it is possible to define automation scenarios to mimic manual tasks. ATAR can lookup information (e.g., on databases, endpoints, Active Directory, and SIEM, etc.) to make recommendations and inform decision-makers of potential cyber breaches. ATAR can also take action when needed to block a potential security risk.
The ultimate goal of ATAR automation is to improve staff efficiency by moving existing members away from tedious, repetitive tasks, and into roles where their skills are fully utilized. It’s important to remember that one of the primary drivers between staff loss is from the lack of challenge engineers feel. These cybersecurity experts are some of the most clever in the world and they deserve more than mundane tasks.
If you want to learn more about how ATAR can help you mitigate the cyber skills gap, take a look at our Orchestrating and Automating Security with ATAR brochure or reach out to us to start the conversation.