
Is the cybersecurity talent shortage a myth?

In this interview for Help Net Security, Ricardo Villadiego, CEO of Lumu, explains why he thinks the cybersecurity talent shortage is a myth and how organizations can overcome this challenge by improving technology.

There has been a lot of talk lately about the Great Resignation. How has this phenomenon affected the security posture of organizations?

Talent specializing in cybersecurity was already scarce before the Great Resignation. With threats evolving endlessly, organizations have found themselves needing to hire more talent to leverage more security technologies. During the pandemic, security became even more complex as most (if not all) of the protection that had been deployed remained in empty offices, so the workload for a security team increased significantly. Of course, this complexity created the perfect situation for the cybercriminal.

An unprotected environment, a distracted end user, and an overwhelmed security team – the end result is inevitable. A data breach or ransomware incident is almost certain. This has significantly affected the security posture of organizations. What we see today is something completely new. And while the technologies are readily available, they must be leveraged in order to deliver value, whether that be protection or detection.

Security teams are very overwhelmed by what we used to call alert fatigue. Too many alerts and too little time to know which alerts are important. Add to this “portal fatigue” where SOC teams have to jump to and from different portals to get the necessary context on a particular incident. This creates burnout but also frustration among security teams because they are on a road that leads them nowhere.

Why do you think technology is the main culprit?

It’s a combination of things, but yes, technology is partly to blame. Vendors have made the operation of the technologies they have designed an afterthought. These technologies were never designed to be exploited effectively.

There’s also a certain fixation on technologies that simply don’t offer any value, but we continue to put a lot of effort into them, like SIEMs.

Unfortunately, many technologies rely on legacy systems. This means that they carry the weaknesses and suboptimal characteristics of those systems that have been adapted for other intended purposes. For example, many people still manage alerts using cumbersome SIEMs that were originally intended to be log accumulators. The alternative is “first principles” design, where technology is developed with a particular purpose in mind.

Some vendors assume that their operators are the elites of the IT world, with the highest qualifications, extensive experience, and in-depth knowledge of every piece of adjacent technology or integration. Placing high barriers to entry on new technologies (time-consuming qualifications or poorly delivered and expensive courses) contributes to the self-imposed talent shortage.

How can technology be improved to optimize and simplify the work of current talent?

Technology must be designed to be exploited – months of expensive training also means you’re taking our scarce talent out of the job, but the threat actor is doing it now and won’t wait for your team to be trained to target your organization.

It should be easily deployed – technology that takes months to deploy shouldn’t exist.

Technologies adaptable to different technology stacks should be preferred – changes to your infrastructure for a solution to work should not be a requirement.

The training of operators of these technologies must be optimized, with educational resources accessible free of charge and user-friendly.

What role does training play in improving people’s abilities to deal with growing cybersecurity threats and not feel overwhelmed?

If the attacks evolve ad infinitum, we must also evolve our knowledge about them. This would respond to the fear of being overwhelmed. We need to focus on learning: what are we learning today versus what we don’t yet know?

Training offers a significant advantage in preparing to deal with growing and evolving cyber threats. There are two key elements to ensuring cybersecurity operators are well equipped to handle cybersecurity threats and don’t feel overwhelmed; both involve some level of training.

The first element is to understand the nature of these threats. Threats will constantly evolve. Understanding the latest techniques used by attackers and the most prevalent threats is essential to avoiding targeted attacks. This requires continuous education and training.

The second element is the person’s ability to manage the detection and response to these threats by selecting the right solution. Choosing a cybersecurity solution requires experience and knowledge in the field. It is very specific to an organization’s needs and existing cyber threats.

Training and experience provide cybersecurity operators with the information they need to know what they are up against and act accordingly.

Is there any particular method companies should consider to help them retain talent?

Companies must remain competitive in terms of benefits, compensation, etc., but the main focus must be on establishing the right culture. Cybersecurity professionals have options and aren’t afraid to explore them if their current employer doesn’t promote the right culture.

In addition to culture, it is important that employees believe in the mission of the company. When they are equally invested in the work they do, they will continue to be engaged and feel like they are part of the solution.
