Security Roundup: Cybersecurity Talent Shortage, Unbound Tech-Enveil, Trustwave

Organizations increasingly are turning to automation and finding creative ways to cope with the ongoing and intensifying shortage of cybersecurity talent.

The cybersecurity workforce gap has widened to nearly 3 million globally, according to a study by (ISC)², a nonprofit that specializes in training and certifications for cybersecurity professionals. North America has the second-highest shortfall at 498,000, behind Asia Pacific, while EMEA and Latin America contribute a 142,000 and 136,000 staffing shortfall, respectively.

(ISC)2’s John McCumber

John McCumber, (ISC)^2’s director of cybersecurity advocacy, tells us the talent shortage likely can be attributed to a lack of understanding about what it takes to create a career in cybersecurity.

“Many people think it’s a grouping of highly technical jobs that requires them to come in with polished skills across the entire breadth of IT security,” he said. “And given the high stakes, it may seem like an intimidating profession. We as an industry need to do a better job of helping people understand that training opportunities are plentiful and that many of the skills they already possess can be transferable to cybersecurity. We also need to be more welcoming to a larger talent pool, and that means recruiting more women and minorities to join our mission of inspiring a safe and secure cyber world.”

Organizations that create a resilient cybersecurity culture tend to do a lot of the same things, McCumber said. They write clear job descriptions that demonstrate their understanding of the specific role that each staff member will fill, they hire certified cybersecurity professionals in order to build strong teams, and they train and promote from within, he said.

“Interestingly, our research found that 86 percent of organizations that consider themselves adequately staffed with cybersecurity talent employ a chief information security officer (CISO), which compares to 49 percent of companies overall,” he said. “Finally, a lot of top cybersecurity talent can be found in the federal government. Instances like the current government shutdown can help private-sector organizations lure candidates with the promise of a more stable position and better compensation. (ISC)² research finds that 50 percent of organizations who have adequate cybersecurity staffing have successfully recruited talent from the government ranks.”

It all comes down to creating an environment where cybersecurity professionals feel their contributions are valued and recognized by executive management, and one where they can receive consistent training to progress in their careers, McCumber said,

Nowhere is the skills shortage more prevalent than inside the security operations center (SOC), where the increase in the volume of alerts requiring action far outpaces an organization’s ability to hire skilled analysts, according to Siemplify, which provides security orchestration, automation and response (SOAR) solutions. SOAR is gaining traction to help alleviate “alert fatigue” as these services increase the efficiency of existing SOC analysts, helping security teams get more work done, it said.

Security orchestration both integrates disparate tools in a single pane of glass and eliminates a lot of the specialization that is required to run each security tool independently. Also, it allows security analysts to …