Security Roundup: Optiv-Momentum, SafeBreach, T-Mobile Breach
The cybersecurity talent shortage is projected to hit 1.8 million jobs by 2022.
![Cybersecurity](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt952145336ed13e33/6524fb5a16f15a6d70171d87/Cybersecurity.jpg?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
The cybersecurity talent shortage is only going to get worse until there is a massive effort to train millions of new cybersecurity professionals.
In the meantime, Optiv Security and Momentum Cyber have published a white paper that discusses the five key trends and technologies that could dramatically reduce the impact of the skills shortage by creating much greater efficiency in enterprise security programs.
The talent shortage is projected to hit 1.8 million jobs by 2022.
Todd Weber, Optiv’s vice president of partner research and strategy, tells us that until “we start thinking of different ways to train people on a mass scale for cybersecurity, I don’t see that changing.”
“… How do we do things in elementary schools, to where we’re not trying to train up 1 million people, we’re training up 10 million people?” he said. “Get them exposed to cybersecurity at a very early age and then build that as part of the educational system.”
Worsening the problem is the increasing number of new security tools along with the proliferation of new cybersecurity companies, he said.
Optiv and Momentum identified the following trends and technologies to tackle the problem:
Machine learning: By strategically implementing machine learning to areas where it will save time and improve effectiveness, enterprises can eliminate wasteful triage processes that rely on analysts sifting through piles of data and alerts to find actual threats. Machine learning also provides organizations with intelligence to streamline workload and workflow processes.
Platform consolidation: Several security vendors have been building out security platforms through technology acquisition and new feature development. These integrated platforms provide interconnected functionality that allows consolidated management, which is more efficient than managing disparate point tools.
Security integration: By integrating tools, organizations can dramatically speed up detection and response. For example, if an endpoint tool detects an infected laptop, it can trigger changes to firewalls to block the malware from communicating with its command-and-control host. However, while most tools have APIs for integration, they often are limited, so security pros should factor API quality into their buying decisions when procuring security tools.
Automation and orchestration: Security automation and orchestration accelerate the movement of data between tools for the purposes of threat prioritization, response amplification, labor reduction and consistent workflow.
Continuous security validation: Once these integration, consolidation and automation strategies are in place, enterprises must have systems to test that their security controls are properly configured over the course of time, even as network changes are made. Continuous security validation tools automate and speed the process of identifying misconfigured security tools and network devices.
“One or two of these five can make a large impact, it kind of depends on people’s maturity model and how much they’re willing to invest into those efficiencies,” Weber said. “Some of them are hard to avoid these days. Name a tool you can buy that doesn’t say machine learning or artificial intelligence (AI) on it somewhere? But that’s not really the question. What people should be asking is not does it have ML, but what kinds of things can I do with it? How do I get outcomes out of this – meaning I’m looking at these large data sets – how do I get pattern recognition from these that I wouldn’t normally get as a human being? What sorts of outcomes can I pull from this?”
Partners can help organizations deal with the talent shortage in multiple ways, Weber said.
“We’ve already built many of these things and we’ve already done many of these things, and taken the trial and error component out of the mix, as well as how all these systems can be orchestrated,” he said. “Not all APIs are created equal. The amount and quality of the data you can pull or push differs tremendously, and the documentation of what you can do within those APIs varies incredibly. Customers trying to do that on a trial-and-error basis all by themselves can take a tremendous amount of time, and the whole crux of this is you’re trying to save time.”
The channel can “backfill” the shortage and then help an organization strategize on outsourcing large portions of its cybersecurity operations to larger companies that are fully staffed, “especially toward the SMB space, which traditionally had one or two people for security,” Weber said.