Caute_cautim
Community Champion

How many people are we really short in the cybersecurity environment?

Hi All

 

Saw this interesting link from CNBC:  https://www.cnbc.com/2020/09/05/cyber-security-workers-in-demand.html

With a quote from ISC2 stating a shortage of 4 million people - the highest I have seen is 1.8 million being predicted?

 

But if an organisation invests in Automation and augmentation of existing staff, with a SIEM, Hybrid and Federated Investigations, with automated Incident Response processes, is this the best way to reduce the impact due to the predicted shortage?   Or do we really need more resources i.e. humans to tackle the current onslaught?

 

Regards

 

Caute_cautim

 

6 Replies
tmekelburg1
Community Champion


@Caute_cautim wrote:

But if an organisation invests in Automation and augmentation of existing staff, with a SIEM, Hybrid and Federated Investigations, with automated Incident Response processes, is this the best way to reduce the impact due to the predicted shortage?   Or do we really need more resources i.e. humans to tackle the current onslaught?


I think it's insane not to invest in automation regardless of a talent shortage. Why would I want to pay someone 50K and up to be a log watcher or to go into different systems to correlate events? 

 

As far as adding more staff, I would be interested to know if there was a positive correlation between the size of the Cyber Security department and number of information systems to the number of events/incidents effectively prevented, identified and mitigated. 

dcontesti
Community Champion

So not in agreement with automation solving the problem.  From experience, it takes people to 1) automate the system, 2) monitor the system, and 3) adjust monitoring parameters. The final step is to investigate anomalies and rectify the issues.

 

The AI systems are getting smarter but I have also seen them totally disable a fully operational system by locking out valid users, hiding data, etc.......

 

I personally think that 4 Million is too high but then I could be wrong, I know there have been many studies done.

 

Even if corporations hire someone to come in and configure their automated systems, I don't see the need for folks really lessening. Have heard anywhere from 1.2 to 1.8 million shortage.

 

It will be interesting to see how various organizations (universities, etc., certification organization) help scale up

 

d

 

 

 

 

tmekelburg1
Community Champion


@dcontesti wrote:

So not in agreement with automation solving the problem.  From experience, it takes people to 1) automate the system, 2) monitor the system, and 3) adjust monitoring parameters. The final step is to investigate anomalies and rectify the issues.

 

The AI systems are getting smarter but I have also seen them totally disable a fully operational system by locking out valid users, hiding data, etc.......

 


I'd say most people would agree you need a hybrid model to help solve the problem. You can't rely on just people or automation alone. 

 

Has anyone ever heard of the phrase, "the problem is not the problem"? It could be a bit too philosophical but is the real problem a shortage of personnel and talent in the field or is there another bigger issue further upstream? I'm not claiming to know but just posing the question for thought.

 

I'd also wager that the systems locking out or shutting down services were doing exactly as the human overlords designed them to do. More than likely the settings were not set up correctly to begin with and a proper risk assessment wasn't conducted. The risk assessment would tell us if the business could accept the risk of the service being shut off by the system, regardless of the event being a false positive.

 

 

GerryS
Contributor II

I see a hybrid approach as the model for cyber security. 
Will the number of people increase with the increased automation? Staff to monitor and correct the systems as well as those developing the systems.

It would be very interesting to know how people are estimating the number of people we’ll be short.
Caute_cautim
Community Champion

@tmekelburg1 Thank you for your response.

 

I agree personally, given the number of events that come flashing through a Security Analyst's screen these days, even with particular Use Cases that you need to identify and take action upon - unfortunately human beings are not good at remembering patterns, or holding long term memory or having a more holistic view, which can only be built up over time.  From what I have seen, we commenced our journey teaching the Augmented Intelligence the basics.  It was a toddler for weeks upon end, learning and having to be corrected as it was taught.  In fact, it passed the CISSP test several times by using this as a baseline to assist it to formulate approaches to different problems and to recognise patterns.  These days it is assisting Security Analysts by a) teaching new ones what to look for, b) it nudges the security analyst to "have you looked at this" scenarios, and also gives them a probability of the highest risk, so it assists the security analyst to concentrate on what matters.

 

We have got to the point that the Security Analysts efficiency has increased to 60% and improving, by augmenting their capabilities and teaching them to improve their skills as well.   It also improves the issues whereby Security Analysts get burnt out, as it encourages them to develop their own skills and keep learning as well.   The threat modelling has improved and it is fast developing from SIEM to Hybrid and the next step is federated searches to provide greater context and openness using the Open Cybersecurity Alliance (OCA) partnership https://www.oasis-open.org/news/pr/open-cybersecurity-alliance-unveils-first-open-source-language-to...

 

Which is worth looking at along with Stix Shifter, which allows a greater number of inputs or sources to be integrated easily, so the greater the amount of information curated and analysed, the greater the ability to detect, identify and respond.

 

From our experience, it has been a positive one, no one organisation can solve this problem, we definitely need to raise the maturity bar and collaborate openly.

 

Regards

 

Caute_cautim

Caute_cautim
Community Champion

@dcontesti   I agree, it is definitely a balance between Augmented Intelligence, but with People, Processes, and Technology along with Machine Learning, it is a constant learning path, but if the baselines are refined and the amount of development invested in it, it definitely pays dividends.

 

Automation by itself will not solve the problem and it will not reduce shortages.

 

I have a lot of organisations using traditional security i.e. throw more security analysts, unfortunately, given the amount of events coming through so quickly, even MSSPs have found themselves caught out, i.e. they did not realise they had been compromised through exfiltration themselves.

 

Regards

 

Caute_cautim