Even before the ‘great resignation’, companies were struggling to find and keep cybersecurity talent. Those wanting and needing to strengthen their security are finding they cannot attain or afford the talent they are seeking.
Security teams are facing a higher volume of threats and vulnerabilities than ever before. Their focus is divided between investigations, vulnerability analysis, and other responsibilities like compliance maintenance. Defense-in-depth requires a combination of security technologies and resources that can span the organization. However, it also requires investigation and response with 24×7 coverage, as attack attempts do not happen just during business hours.
Here are some strategies and solutions for addressing the persistent cybersecurity talent shortage.
Don’t Burn Out Existing Cybersecurity Talent
If you are lucky enough to have security resources that excel within your organization, do not set them up for burnout. These highly regarded individuals have at least a four-year degree in computer science or related field experience, and hold multiple certifications of their technical cybersecurity expertise. They are in high demand with escalating salaries. They should be seen as strategic employees who will guide and support the organization to keep the business protected. But they cannot do it all on their own without help from IT and support from executive management.
Organizations not fortunate enough to be able to hire this specialized cybersecurity talent usually lean on IT to fulfill these responsibilities. IT staff too are subject to burnout, especially when expectations are not aligned with the reality of what it takes to protect a company’s assets and data.
The biggest reason for concern is that security operations are around-the-clock functions. The best way to stay ahead of attacks and mitigate costly damage is to catch malicious activity early and block attackers’ tactics. This is best done when there is a human-attended 24×7 effort. Many organizations just cannot staff this kind of coverage. You can shortcut operations with pager alerts 24×7, but that just paves the way to quicker burnout and potential exposure. It is one thing to respond to critical incidents, but there is both a physical and mental cost when you are continually responding to false-positive security alerts.
-Alert fatigue is real. Security and IT can receive thousands of alerts every day. 45% are false positives, making in-house analysts’ jobs less efficient and slowing workflow processes. *
The security technology stack of an organization also is a contributing factor for cyber talent burnout. Being able to obtain enterprise-grade solutions on a mid-sized organization’s security budget is just not achievable. IT and security do not have the luxury of enhanced threat detection, security orchestration, and automation to augment their staffing issues. Cyber first responders and fighters will be discouraged over time with poorly performing solutions and manual processes. Job satisfaction is not only about what you are getting paid. A big contributor is obtaining emotional satisfaction. More than ever, feeling like what you do matters directly to the day-to-day business is becoming important. This includes having job autonomy where someone can direct and prioritize within their role on how to be successful and contribute with meaning.
Smaller organizations can absolutely nurture and obtain cybersecurity talent, but they must reset their expectations. Elevate this role so mundane tasks and burnout scenarios are minimized. A managed security service provider can help. One that provides the ability to upgrade security technology and add threat detection and 24×7 security operations and response at a flat monthly rate is a new model to consider. The high-stress and often repetitive actions of continuous monitoring and investigating security alerts can be filtered by experts who have built-in enterprise-grade solutions for operations that include threat detection, intelligence, and automation to make sure every event is individually triaged. This does not take away any value from the in-house cybersecurity talent. They can review the patterns and make changes, if necessary, within the business for better outcomes. This can include how IT and security are configured and used for critical business processing and plans for growth. Of course, with any security event, whether blocking an active attack or chasing down malicious activity, they will be intimately involved. A provider should be able to give continuous active insight with dashboards and communication updates, so there is always a business focus included with any first-response situation.
Get Help with Security Policies and Documentation
Security is responsible for a wide range of activities, some more engaging than others. Security policy and documentation is one area where organizations fall short when it comes to compliance maintenance. This is an area where security needs to provide support.
As HITRUST, PCI-DSS, and CMMC continue to evolve, this is a key component. These are key compliance standards; in addition, many business agreements are also looking at the supply chain and third-party risk. This is elevating the need for best practices or industry-standard security practices and risk mitigation for many companies. Documentation is the foundation for knowing an organization has the proper plans and procedures to safeguard data.
Completing and keeping up with documentation needs competes with all the other security and IT demands. While it is not necessarily hard to do, finding time is difficult. Security and IT staff normally deal with responding to issues and alerts. This includes deep analysis, hunting, and problem-solving. These traits do not necessarily align with the need to review and update documentation. Know your staff and help them be the most efficient and focused for your business. This is a good case for leveraging a compliance solution partner that can allow you to offset these mundane tasks. The upside is that a good provider will have done many of these engagements before. They can be more efficient and elevate a key component of security and IT, making it easier to maintain going forward.
Related to this problem is providing the artifacts and ‘proof’ needed for compliance maintenance. Gathering these items and ensuring they meet the compliance requirements in terms of quality and timeliness is another aspect that security and IT must support. A managed security service provider that makes this easier by aggregating the documentation and artifacts in one location, providing a review for quality and completeness, and then sending reminders is a terrific way to support your team. In the long run, you can dampen the chaos when it comes to assessments, as your company has been keeping up all along.
-Document debt is akin to technical debt
Changing Security Management
Finding relief from the cyber talent shortage occurs when organizations alter what they believe to be security management. Only large enterprises can afford a deep bench of talent and the best-in-class tools. Yet, they also offload and structure their security management utilizing managed security service providers.
Cyber talent is a highly specialized skill requiring multiple certifications, and individuals must continuously learn to keep up with the latest threats and attack tactics. Yet, there are other types of talent that complement it and excel in bridging the deep technical aspect of security with an understanding of business criticality and the competitive advantage of operational efficiency.
Companies willing to look beyond technical cybersecurity skills and change their default model for security management can achieve more value and better outcomes. Nurture staff in IT or recruit those that have the following soft skills:
- Critical thinking and curiosity
- Problem-solving skills and analytical focus
- Communication skills and adaptability
Leverage a Managed Security Service Partner
Businesses need to start addressing their cybersecurity talent shortages and rethink their security management. Bypass the cyber talent crisis and make a change. Finding the right managed security partner gives you many options to get the focus you need today and plan for tomorrow. In the current threat landscape, the benefits can multiply:
- Achieve better security outcomes at a lower cost than keeping it in-house.
- Immediately upgrade to enterprise-grade solutions and protection without the overhead or maintenance.
- Find or nurture staff in lieu of recruiting and get the benefits of the deep cybersecurity talent of an MSSP.
- Find a provider to address your immediate needs, like documentation, or compliance maintenance.
- Provide focus on that necessary function that loses attention when competing with other priorities. Maybe it’s log management/SIEM and threat detection notification.
- Alleviate staff burnout and know that you have coverage with human-attended and active security operations 24×7.
- Obtain quick response and continuous investigations to minimize false-positive alerts.
- Take away the chaos and challenges that lead to cyber talent churn and burnout. Elevate in-house roles to be more in control and strategic while a managed security service provider helps them uncover business risk issues.
- Ensure that your business compliance requirements are easily met, controlling against surprises or unexpected costs to address security gaps. A managed security provider with compliance services can integrate compliance assessment with end-to-end security management to provide this coverage.
- Do not accept a managed security provider that just reacts to alerts and forwards them to your business. Continually having to assess false positives is disruptive. Assess how you can control priorities, focusing on responding to validated security incidents and coordinating response efforts with your service provider.
Acknowledging the challenge is just the first step. Investigating how to make a change is where TECH LOCK can help. Our security consulting services, gap analysis, and compliance assessments help you to understand where to focus and how best to avoid the cyber talent crisis. In addition, our MDR with a Difference delivers the foundational end-to-end security management across endpoints and firewalls, with vulnerability and log management options.
–Every organization, no matter what size, should be able to obtain the security needed to block today’s and tomorrow’s security threats
Self-schedule a meeting today to explore security management changes and bypass the cyber talent skills crisis.
*IDC InfoBrief “The Voice of the Analysts: Improving Security Operations Center Processes Through Adapted Technologies.”