Addressing the security skills shortage with technology


The skills shortage in technology has been one of the most bemoaned issues of the sector in the last decade. Despite its prevalence in media headlines and the headaches it continues to cause for recruiters and businesses alike, the rhetoric has yet to move from problem to solution.

The issue is only going to get worse, especially for organisations that are leveraging data for competitive advantage. For example, Capgemini has predicted that the volume of data generated by businesses will increase 20,000-fold between 2000 and 2020, while according to the FT “some experts estimate 100,000-190,000 data science jobs will go unfilled in the United States alone, from 2011 to the end of this decade.” It doesn’t take much number crunching to see that there will be a problem.

When you have such a skills gap and such a large issue of supply and demand (i.e. a lack of candidates or too few people with the ‘right skills’), it becomes even more imperative that as a business you find every opportunity to help the skilled professionals you do have on your team to maximise the value they can deliver. When access to time and skills is limited, the ability to focus team members on the high-return areas of their role rather than on the basic or manual elements can make the difference between success and failure.

The time of a skilled team is eaten up by reporting

As security teams become more and more data-driven, this pain is starting to be recognised. Typically, the current situation calls for regular reporting to the CIO or IT operations, where security team members even now can spend two weeks or more every quarter in spreadsheets, manually turning loads of raw data into something their audience can make sense of.

This manual labour approach has significant implications. With the quantity of data generated by the continually increasing security estates in most organisations, it is no surprise that the results often contain inaccuracies. In a survey from CrowdFlower reported on in Dataconomy, two-thirds of data scientists say data cleaning is among their most time-consuming tasks, and 40 per cent say they simply don’t have enough time to actually do big data analysis.

Data that is not consistent has to be extracted, wrangled into a spreadsheet and manually connected. Combined with the discrepancies between the time data lands in a spreadsheet and when it is communicated, this means security’s analysis is then disputed, and it ends up being an uphill battle to justify any improvement that needs making.

Even more time gets eaten up when the insight gathered from technical information has to be translated so that it’s meaningful to a business audience who want to understand risk exposure. In the pressure to get things done it is inevitable that mistakes are made, but even if the data is clean, the chances are that by the time it’s completed it’s out of date.

Specialist skills end up focused on basic problems, or not enough time is spent on the right basic problems

It’s a constant struggle for security teams to ensure good cyber hygiene is maintained. IT operations own many of the activities that deliver a baseline level of protection from threats. However, security and IT teams don’t typically have visibility across their environment to know if ‘the basics’ are being maintained consistently in terms of coverage, operational status and effectiveness.

To get the insight required, teams find themselves back in the manual labour circle of discovery. Once they’ve passed that hurdle, security professionals hired to develop advanced capabilities often discover gaps in cyber hygiene factors as a result. Then, because more advanced capabilities depend on ‘getting the basics right’ to be effective, those professionals have to spend time investigating the situation across the whole environment, and working with IT operations to resolve issues.

Or, if the data insight challenge is too overwhelming to get clarity, teams can find themselves working on estimated best guesses as to where time and energy should be spent to bolster their security and risk status. In either scenario, the lack of bandwidth leads to a focus on fire-fighting rather than the ability to get ahead of the challenge.

Expertise is overwhelmed by firefighting

Linked to the point above, security functions can receive 1000s of alerts a day from technology designed to detect threats. Teams often find they’re swamped with more data than they can reasonably deal with – a lot of which is noise, not signal. Because they have to sort through this data to find and disrupt threats, teams have less time to work out: what is the next most effective action to manage risk across our environment?

They know that dealing with the basics would be a big step towards minimising noise and being able to focus and prioritise detection efforts more efficiently. However, as they are increasingly consumed by firefighting, this gets harder and harder to achieve because they can’t escape the cycle of constantly managing newly discovered incidents, which can have the same root cause.

Effective technology approaches to allow you to move from firefighting to fire-proofing

By leveraging technology, security teams can reduce the amount of time spent on the low-value elements of their role, freeing them to focus on the high-value areas, which in turn creates the space to accurately align time and energy across teams on the areas of most significant return. In effect, they optimise the security machine to run smoother, faster and more effectively. They do this by focusing on:

  • Automating ingestion, collation and normalisation of data from across security, business and IT solutions and services, and combining it into a single reporting tool to deliver meaningful, timely and accurate information for stakeholders like audit, risk and IT operations.
  • Using specific, security-focused best practice data analytics to gain continuous visibility into the coverage, operational status and effectiveness of security controls across the environment.
  • Striking the right balance between investment focused on prevention vs. detection, so that teams are not stuck playing alert and incident whack-a-mole.

At the heart of each of these goals is the need to advance and simplify how data and metrics are used for two purposes: firstly to identify, measure and communicate risk; and secondly to prioritise and justify actions that will reduce the risks that matter most, efficiently and sustainably.

With this approach, technology can solve the biggest problem in technology – addressing the skills and people shortage by enabling professionals to do more. Crucially, done right, technology can free them from being tied to manual processes, poor data integrity and job frustration.

Albert Plattner, Commercial Director, Panaseer
Image Credit: Bbernard / Shutterstock