When asked, “what is the biggest threat to internet security?” the majority of quick-fire answers can likely be represented by the flags of a handful of nation states.
Yet examining the nature of the industry, it can easily be argued that the biggest risk internet security faces is the general inability to respond to and counter attacks launched by adversaries.
Today, it is estimated that there are more than 1 million infosec positions unfilled. This number is expected to grow to more than 1.5 million by 2019, with more than 200,000 of those unfilled vacancies in the United States. This global shortage of expertise lies at the heart of the infosec world’s ability to respond to attacks and has considerable effect on vendors and consumers alike.
With such a gap in unfilled infosec positions, the industry must pursue new strategies to overcome the shortage in human capital and set the industry on a long-term success path.
I believe there are three core pieces to solving this problem.
The first strategy lies with automation. Many security vendors have begun to implant new artificial intelligence and machine learning technologies into their product portfolios to improve the spectrum of threats their products can detect.
However, customers continue to struggle to hire the staff needed to monitor and respond to alerts generated by these products. With that, the impact of increased detection efficacy has yet to be realized.
Security vendors need to shift some focus from reducing the number of hands and eyes needed to operate these detection systems and, instead, automate as much of the data collection, threat validation, false positive triaging, response ticketing, and operational task assignments as possible—effectively doing away with some of the least skilled roles within infosec.
The second strategy is to close the skill gap between freshly minted infosec graduates and the businesses that need them.
Within academic institutes, the preferred method of solving problems and passing exams is to operate as a solo contributor. However, when operating within a business, you’re always part of a group.
The social and operational skills needed to navigate and be successful in working in such groups is rarely encouraged during degree courses, which further inhibits new graduates from being successful.
The institutes producing the next generation of infosec professionals need to acknowledge these sizable gaps and alter their course instruction to accommodate collaborative development and legacy support techniques.
Women in infosec
The third major strategy necessary to close the resource gap applies to encouraging more women to join the infosec community.
Today it is estimated that only 11 percent of the infosec work force is female. This is both a terrible indictment on the industry and a huge opportunity to close the resource gap. While 11 percent is poor, in the most technical areas of infosec, the percentage is most assuredly lower.
In recent years, there has been increased outreach to women to join the infosec community and work force. However, there has been little noticeable increase; the percentage of woman in STEM has been increasing, but the flow into infosec has yet to happen.
When looking at the timeline for acting upon these three core strategies, I believe that automation offers the shortest path. Adjusting the education programs and producing graduates that can be more readily absorbed and made productive within business will take a little more time.
And of the three strategies, encouraging more women to join the fold is the least clear and requires more ideas on how this can be accomplished.
Not only can closing the recruitment gap be done, it must be done.
This article originally appeared on ThirdCertainty.com and was written by Gunter Ollman.