Can technology beat the skills gap?

Attracting and keeping skilled cybersecurity staff isn’t easy but you can give yourself an advantage.

By Bill Clark

Fri 15 Mar 2019 @ 10:40

Cybersecurity staff are in short supply, with a predicted shortfall of 1.8 million staff by 2022. That’s enough to cause sleepless nights for anyone tasked with the cybersecurity portfolio. Unfortunately, that was the best-case scenario.

According to a new study by (ISC)², a certification body for cybersecurity professionals, the shortage of staff is actually about 2.9 million. Not three years from now. Right now.

That new, higher number is the result of a new methodology by (ISC)². Their calculations don’t simply subtract the current supply of cybersecurity professionals from the number in demand. Instead, they include unfilled positions within companies and also estimate the future growth in demand in those companies at what they say is a more realistic figure.

Reducing the churn

Cybersecurity professionals are in high demand and many companies are running with staff shortages. This means staff are working flat-out just to keep up with the huge amount of data they must deal with.

There’s no time to plan, no time for higher level analysis and limited opportunities to take proactive action to improve security. Despite these challenges, the study found 68 per cent of respondents were either ‘very’ or ‘somewhat’ satisfied with their jobs.

That means about a third of staff are unsatisfied with their cybersecurity roles. Organisations must consider what these valuable staff need to both do their jobs well and be satisfied in their roles. In a market with zero unemployment, cybersecurity staff can always find another role elsewhere.

In a recent opinion piece, CSO enumerated why staff should consider leaving their current roles:

  • Increased pay in a new position
  • Switch industries
  • Upward mobility
  • Company has bad security
  • Master new skills

Changes in compensation is a business and HR issue to consider, given the cost of recruiting new staff may be higher than increasing the pay for current staff. It’s also unlikely an organisation is going to transition into a new industry, from finance to healthcare, for example. However, of those five reasons, three can be addressed with the proper use of technology, especially with NextGen SIEM.

While there may only be one CIO or CISO role available in an organisation, NextGen SIEM gives staff greater insight into data and allows them to do more in the time they have. This presents an opportunity to take on higher-level tasks, providing them with a greater sense of accomplishment.

The (ISC)² survey saw a quarter of those surveyed say a major concern was that there was too much data to analyse. Advanced network monitoring and user and entity behaviour analytics (UEBA) lets staff deal with the volume of data and still have time to take on tasks that add value and give greater job satisfaction.

As highly-skilled professionals, cybersecurity staff want to feel that the work they do matters. Organisations that don’t take security seriously and expect staff to work through a hodgepodge of systems to do their jobs are sending the message that security isn’t a priority. If the company doesn’t take security seriously, neither will staff.

Furthermore, they don’t want to have a major security breach in their work history. Giving them the tools to quickly identify and respond to threats reassures them that security is a priority and they’re not fighting cyberattacks with one arm tied behind their back.

NextGen SIEM also allows staff the chance to work with the latest tools and techniques for addressing the ever-changing threat landscape. Being able to improve their skills on the job keeps them engaged and growing. NextGen SIEM also allows staff the chance to work on higher level analysis and strategic, proactive security initiatives, increasing their capabilities and providing more value to the organisation.

Mind the gap

Attracting and keeping good cybersecurity talent is likely to remain a major challenge for some time to come. Organisations that show they are serious about cybersecurity will have the advantage.

The thought of buying new software and systems that will magically solve cybersecurity gaps is appealing. But those tools will always need smart, capable people to run them. Improving mean time to detect and mean time to respond is an investment in those people. With the right tools they can and will build a robust, responsive cybersecurity environment.

Learn more

Find out what the LogRhythm NextGen SIEM Platform can do for your cybersecurity staff.