Addressing The Cybersecurity Skills Gap Problem in IT
Abstract: The cybersecurity industry is facing a crisis of resources, where the demand for analysts outpaces the supply of talent, and the talent that is available may not have the necessary skills. Between attrition, churn, and an ever-evolving security landscape, organizations need to look outside the traditional technology pipeline to future analysts from different backgrounds and focus on retaining and upskilling their teams.
The cybersecurity industry is currently facing a crisis of resources. Not only are there not enough talented cybersecurity professionals to fill open SOC positions globally, but a large number of current professionals are also leaving their positions due to increased workloads, burnout, and lack of training/upskilling. This is a considerable challenge industry-wide and one that is only poised to get worse if not addressed adequately.
Reasons For The Gap
The role of a cybersecurity analyst is one of immense pressure, an overwhelming volume of mundane tasks, and a propensity for alert fatigue and burnout. So much so that, on average, an analyst has a tenure of 26-30 months in their position before leaving. Hence, on one hand, there is a demand to fill analyst positions in SOCs across the globe, but for a myriad of reasons, there aren’t enough skilled and qualified workers to fill them. The ratio between jobs and talent leaves much to be desired.
While intuitively, the next step to countering any sort of worker shortage is to begin hiring new recruits and building a pipeline of future analysts, it’s actually not that simple. The cybersecurity industry, as it stands, faces several challenges when it comes to hiring, training, and upskilling, including:
- At present, there are few to no apprenticeship-style opportunities within the cybersecurity field to assist with education and recruitment.
- There’s a lack of a clearly defined career path.
- Increasing complexity in the technology landscape.
- Problems are solved and solutions implemented, but by the time they are implemented at scale, there are new problems to address.
- Businesses fail to consider the time it takes to train new security staff. On average, it can take a year to onboard and train a new analyst, and between 3-5 years for true cybersecurity proficiency.
- Half of hiring managers (50%) generally don’t believe that their applicants are qualified for the roles but hire them anyway.
Clearly, none of this is working as intended: the talent gap persists and attack surfaces grow. In facing emerging technologies such as AI, machine learning, cloud computing, and any other tech buzzword on a hypothetical bingo card, SOCs and CISOs need to forge new staffing and training paths to ensure they have the best personnel for the job.
The Pathways to Cybersecurity Staffing
Thinking Outside the Box
According to a projection by the U.S. Bureau of Labor Statistics, the role of an “information security analyst” will be the 10th fastest growing occupation over the next decade. With an employment growth rate of 31% compared to the 4% average growth rate for all occupations, new solutions are necessary. On the positive side, it’s realistic that a majority of the entry- to mid-level positions can be filled by talent that will not require certifications, allowing employers to cast a wider net for candidates.
According to the (ISC)² Cybersecurity Workforce Study, 2021, organizations are looking towards a broader array of qualities in potential employees rather than a list of technical certifications. It’s conceivable that someone without a technology background can receive training and move into a technology role full time, while also offering a variety of new perspectives and modalities of thinking due to their varied experience. In the future SOC, both technical and soft skills are necessary.
The reality is that the pathways to cybersecurity are evolving. Not every cybersecurity professional decides early on in their educational career that this is what they want to do. While programs and certifications exist, the ever-evolving nature of the industry dictates that they’re not as common as they should be. Thus, the talent pipeline is currently narrower than required. Some organizations, such as Microsoft, IBM, and Google, are committing to programs to offer placements, training, and certificates to address the shortage by 2025. But that’s only half of the solution.
The same (ISC)² study cited above indicates that the majority of those polled came from an IT background, with 47% identifying as such. As many as 17%, however, came from an unrelated career, 15% gained access via cybersecurity education, while the remaining 15% were self-taught, learning cybersecurity concepts on their own. The key to the future SOC is not technical, but more cerebral - relying on strong problem-solving abilities, curiosity and a willingness to learn, strategic thinking skills, and the ability to communicate effectively. These traits should be viewed as equally important as cybersecurity certificates and experience.
Retain Your Talent
Having a lot of vacancies in your SOC is already troubling enough, especially when it comes to the specialization of security solutions and roles. Most SOCs today have turned to a 3-tier system where the entry-level Tier 1 is the group of analysts who are either onboarded and learning the ropes or outsourced. This is where the gap begins. Tiers 2 and 3 are a smaller group of bandwidth-constrained specialists that are more expensive, harder to hire, and even harder to retain.
But retaining your existing staff is what you need to do.
Admittedly, this sounds difficult given that SOC analyst teams are overworked, but it’s the most efficient and effective solution. Upskilling and reskilling current staff and building your security force from within is a critical step in closing the skills gap and the opportunity gap for those that lack the technical skills or a technology degree. Many organizations globally have turned to their own ranks to offer infosec-dedicated programs for upskilling and tuition reimbursement for external training. On top of these programs, there is another solution that can help ensure SOC analysts have all the skills they’ll need: AI-Assisted Cybersecurity.
AI-Assisted Cybersecurity Can Bridge The Gap
The best and most skilled SOC analyst team uses technology to its advantage, where analysts and automation work hand in hand to reduce workload, repetition, and burnout.
At its core, AI-Assisted Cybersecurity, such as Arcanna.ai, offers a hybrid approach to cybersecurity where humans and AI work together to improve efficiency in security operations by integrating cybersecurity expert knowledge within AI models and enabling analysts to validate AI results. Not only does the AI benefit from the collective knowledge of the most senior analysts via deep learning, but that knowledge also stays in-house and can be used as a safety net as new hires learn the particularities of the new environment and to upskill others on the team.
This frees analysts to focus on managing their workloads, having time for upskilling, and focusing on the nebulous world of evolving cyberattacks and elements that machine learning can’t handle. Consider AI-Assisted Cybersecurity as a “driver assist,” which helps seasoned analysts manage their workloads more efficiently and allows “non-technical” creative hires to onboard quickly, understand the cybersecurity landscape, and start thinking outside the box. This partnership between humans and machines can begin to narrow the knowledge and skills gap and improve operational efficiency.
When an alert is triggered, the AI-Assisted Cybersecurity system analyzes it, determines a course of action, creates a ticket, and adds threat intel; an analyst then reviews the outcome and gives feedback. The system then adds this learning into its processes, continuing the cycle. Regardless of the organization's size and growth trajectory, AI-Assisted Cybersecurity can scale capacity to handle and address threats to enhance your security parameters.
Together, the SOC team and AI-Assisted Cybersecurity can collectively learn from one another and keep your cybersecurity bubble closed.