It’s no secret that the threat landscape is getting more complex every week. The bad guys are sophisticated, armed to the teeth, and sharing information. Organized crime syndicates have replaced the lonely hacker in his bedroom. A shadow economy trading in production malware is flourishing in the billions of dollars on the dark web. And now nation states are going after each other and commercial enterprises.
Make no mistake, there’s a cyber war already well underway, and the good guys are losing. So how do we recover and win the war? Unfortunately, there’s no silver bullet here. Automation will help. And we need to design security in from the start on all new code getting put into production – especially IoT and mobile software.
But we also need to recruit a larger army into the fight. Every CISO we speak with laments the fact that they cannot find, hire, and keep enough trained security talent. The sad fact is that universities generally aren’t focused on producing trained security pros, and young programmers just starting out their careers don’t view security jobs as sexy.
Here’s how to turn the tide and close the security skills gap over the next few years.
1.) Get universities to turn out more cyber security professionals. Schools should be making security courses a requirement in order to earn a degree in computer or information science. Getting young professionals excited about working for the good guys and for a good cause will boost the interest and appeal in the fight against cybercrime.
2.) Make cyber security jobs more attractive. As of now, when those university graduates and young professionals are ready to go out into the job market, they don’t gravitate toward cyber security. The hard truth is that for many millennials, security roles may not be as exciting as building mobile apps. But by showing these newcomers that in our industry they’ll get to use the latest tools, work with the latest technology and build really cool, sophisticated software that does important, meaningful work, they’ll be more excited about joining the fight. And organizations across the globe are starting to note the importance of this space. The National Institute of Standards and Technology recently announced that it will support the cyber security industry by producing a map that geographically showcases the demand for cyber security professionals with a “jobs heat map,” demonstrating how lucrative a space it is.
3.) Retrain existing talent. With such a shortage in talent, companies can’t afford to lose their existing staff. Show your existing development teams that there is a meaningful career path in the security space. Leverage certification programs like those offered by the SANS Institute and give employees the money and time to earn their certificates. Celebrate employees publicly when they do earn their credentials.
4.) Internally market security. Security and compliance roles are becoming hot jobs and the functions themselves are getting board-level visibility. Internally market successes and show the rest of the company how the security and compliance teams are keeping the business safe, compliant and on track. Talk openly about response planning so that when there is a breach, employees know that there’s a game plan.
5.) Bake security into all new code. This will be especially important as the IoT continues to grow, and the trajectory is only rising. With our everyday connectivity to the internet being the new normal, we need to take steps to make sure that these things are all secure. This only happens by considering security from the start. Though not easy, it’s certainly easier in the long run to have thought about securing a product’s foundation than to have to patch and build on a weak infrastructure.
6.) Automate. When you bake security into your business and your infrastructure from the start, you can then automate many of the processes, freeing up security and compliance teams to focus on what’s important. They’ll be more agile and efficient, which will contribute more effectively to the security posture and business agility of the company.