Inside Intel, part 2: The future IT security workforce

The future workforce will look somewhat different than the current workforce, according to Alan Ross, senior principal engineer at Intel.

IT security functions will likely change because computing itself is changing so much—and Intel is at work preparing for the new security landscape.

“Our compute models have evolved along with our users’ expectations; we are no longer in the compute paradigms that [built] the environment we have today—or a few years ago,” Ross says. “Cloud computing, consumerization, BYOD [bring your own device], application development and transparency of information have put us at the point where we need to shift the focus of our IT strategy and architecture.”

[See part 1 of Inside Intel: The evolution of IT security]

Even while shifting their focus to these new areas, organizations must continue to build on key security issues that are important now, including business intelligence, application security, data protection, identity and access management, and infrastructure.

“Based on these key focus areas and the combination of the threat landscape, legal and regulatory environments, and new compute models, we see some new focus areas emerging for the security of the workforce,” Ross says.

These emerging areas and job functions include security data scientists who will work with big data, visualization, correlation and prediction tools; privacy technologists who will focus on using technology to ensure that privacy laws and policies are being met; user experience professionals who will focus on how security affects the way users interact with systems; and application security experts.

Application security “is redundant to the key focus areas, but we see this area changing most rapidly and a skill gap here,” Ross says.

Intel is preparing for these changes in the workforce by developing a security data scientist curriculum, and will begin training interested employees in making the transition. “We are also cross-training technologists on privacy so they can begin to make the change for us toward a privacy-technologist competency,” Ross says.

The company has a formal user-experience team and is using the team’s expertise “to help us understand the best way to design user experience into our new security-related offerings,” Ross says.

“On the application security front, we are training our developers on a secure development lifecycle and also working toward the right tools, technologies and behaviors to enable a secure application landscape.”

Companies, including Intel, will surely face challenges in meeting the security expertise demands of the future.

“We will continue to find it difficult to match talent and passion in the security field,” Ross says. “It is a rare combination when you have employees who are both talented and passionate about their work, and we see the need to continue to scale our security workforce over time, specifically in [the emerging] areas.”

[Also read Security managers split on BYOS, skeptical of Android devices]

As other companies become aware of some of these needs, Ross says, “we also need to keep our employees growing and engaged along with providing the right level of opportunities.”

Another challenge is that technology is moving faster than the traditional IT development lifecycle. “We no longer have the luxury of taking months to years to deliver new capabilities and services to the business,” Ross says.

“Security has often been seen as a disabler or [as] hindering development. This means that our business groups will start to look outside of the organization to deliver if we cannot move fast enough and exceed their expectations.”