The cybersecurity talent shortage is only going to get worse until there is a massive effort to train millions of new cybersecurity professionals.

In the meantime, Optiv Security and Momentum Cyber have published a white paper that discusses the five key trends and technologies that could dramatically reduce the impact of the skills shortage by creating much greater efficiency in enterprise security programs.

The talent shortage is projected to hit 1.8 million jobs by 2022.

Optiv Security’s Todd Weber

Todd Weber, Optiv’s vice president of partner research and strategy, tells us that until “we start thinking of different ways to train people on a mass scale for cybersecurity, I don’t see that changing.”

“… How do we do things in elementary schools, to where we’re not trying to train up 1 million people, we’re training up 10 million people?” he said. “Get them exposed to cybersecurity at a very early age and then build that as part of the educational system.”

Worsening the problem is the increasing number of new security tools along with the proliferation of new cybersecurity companies, he said.

Optiv and Momentum identified the following trends and technologies to tackle the problem:

“One or two of these five can make a large impact, it kind of depends on people’s maturity model and how much they’re willing to invest into those efficiencies,” Weber said. “Some of them are hard to avoid these days. Name a tool you can buy that doesn’t say machine learning or artificial intelligence (AI) on it somewhere? But that’s not really the question. What people should be asking is …

… not does it have ML, but what kinds of things can I do with it? How do I get outcomes out of this – meaning I’m looking at these large data sets – how do I get pattern recognition from these that I wouldn’t normally get as a human being? What sorts of outcomes can I pull from this?”

Partners can help organizations deal with the talent shortage in multiple ways, Weber said.

“We’ve already built many of these things and we’ve already done many of these things, and taken the trial and error component out of the mix, as well as how all these systems can be orchestrated,” he said. “Not all APIs are created equal. The amount and quality of the data you can pull or push differs tremendously, and the documentation of what you can do within those APIs varies incredibly. Customers trying to do that on a trial-and-error basis all by themselves can take a tremendous amount of time, and the whole crux of this is you’re trying to save time.”

The channel can “backfill” the shortage and then help an organization strategize on outsourcing large portions of its cybersecurity operations to larger companies that are fully staffed, “especially toward the SMB space, which traditionally had one or two people for security,” Weber said.

“How are they supposed to watch 24/7/365?” he said. “There [are] some things they can do to keep that, but it’s wholly inefficient to try to keep that level of rigor on their systems over a forever time period with one or two resources. So how can channel partners’ help through managed services?”

SafeBreach Rolls Out New Platform Upgrade

SafeBreach has unveiled a new platform upgrade that extends security data with new classes of simulations to validate security controls, additional board-level metrics to drive prioritization, and new integrations to speed the process of remediation.

SafeBreach’s Guy Bejerano

Already able to simulate more than 3,600 attack methods, these new additions expand simulations further across each stage of a malware attack. Guy Bejerano, SafeBreach’s CEO and co-founder, tells us the updates open up new opportunities for his company’s partners.

“For example, with enhancements such as email and ransomware file-encryption simulations, our partners can now work with enterprise security teams to validate their email and behavioral-based endpoint security controls,” he said. “Our board-level risk metrics enable them to have strategic discussions with CISOs. And finally, our integration with Demisto’s automation and orchestration platform enables partners to offer the complete breach and attack simulation workflow — simulation, prioritization and remediation.”

Cyber Watch Systems, a Texas-based partner that provides security services, has established BreachWatch, an offering based on the SafeBreach platform, Bejerano said.

“We closed an opportunity within 25 days of launching this service,” Bejerano said. “There is a huge need by security teams today to proactively identify where they are protected and where they are not. Our platform approach and continued innovation such as with this product release deliver a huge advantage for all our partners.”

T-Mobile Data Breach a Lesson in Data Stewardship

Last week, T-Mobile announced a data breach that may have comprised the personal information of about 2 million customers. The company said no financial data, credit card information, social security numbers or passwords were involved in the breach, but hackers may have obtained …

… metadata such as customers’ names, billing zip codes, phone numbers, email addresses, account numbers and account types.

Alfresco’s Ankur Larola

Ankur Laroia, Alfresco Software‘s worldwide leader of strategy and corporate development, tells us this metadata is “still very important, and has to be protected and curated.”

“Hackers … likely will target people that are not prepaid, have good credit and are regular subscribers,” he said. “Malicious actors can start to profile these people. They also know where they live and they have their phone number. It’s not so much about how this has happened, but more about the implications of has happened. There’s no news around any sort of remediation they’re going to take.”

Data stewardship can be a very costly and damaging process if it’s not done correctly, Laroia said.

“Look at all the hacks that have happened … these are serious times that we live in, and data stewardship should be a part and parcel of any company that has data, not just on consumers, but also on their employees,” he said. “Now with the advent of the digital world that’s awash in data and metadata, it’s an obligation, not a nice-to-have, for companies to be good stewards of just data in general. It should be a normal part of business.”

A lot of the data hackers are going after is structured data that’s housed in data bases, Laroia said. But hackers now are increasingly pursuing data kept in file systems because it’s not as secure, he said.

“Only about 20 percent is actually stored in a database and the rest of it is typically stored here, there and everywhere, and the controls on that information is spotty at best,” he said.

Exabeam, Okta Deliver Identity Security Offering

Security information and event management (SIEM) company Exabeam has partnered with Okta on a joint identity-security solution designed to help security teams monitor and protect enterprises against credential-based threats.

Exabeam’s Chris Stewart

Exabeam has joined the Okta Integration Network. Okta’s identity platform helps security teams to detect and respond to user-based threats before they become critical.

Chris Stewart, Exabeam‘s senior director of business and corporate development, tells us the offering “opens the door to new revenue opportunities for our partners, merging what are often disparate budgets.”

“This enables channel partners to tap into the IT budget where access management and IT governance money typically come from to grow their projects, rather than just going to the security buyer,” he said. “This increases the level of sponsorship in an organization. For example, they can receive buy-in and support from the CIO as well as the CISO.”

Okta is a “strong market leader,” and Exabeam is recognized as a rapid-growth company in the SIEM space, Stewart said.

“We follow a similar philosophy of really getting to the root of the problem and solving it elegantly and efficiently in a variety of environments,” he said. “This gives partners the confidence to go into sales situations in any type of environment, including legacy, on premise, multi cloud and hybrid cloud, to showcase security in the next generation of IT networks.”