There seems to be a global evolution in security talent worldwide - partly from want and partly from need. The technology, talent and techniques once necessary to support a sound security posture are changing as threats and business needs also change. My most recent trip to Latin America helps amplify these changes.

Colombia

Last week I was fortunate to return to Bogota, Colombia. Much like my recent travels and blogs around Brazil, Singapore and South Korea, I was able to spend time with government agencies and enterprises discussing cyber security, business trends, and experiencing the culture. In this case that culture included drinking Pisco Sours and dancing to traditional Cumbia music while spending time with dozens of security practitioners and managers throughout Bogota.

In Latin America, Colombia is one of the most important countries from a business perspective along with Brazil, Mexico and Chile. Colombia also has the third largest population in Latin America with 46 million people after Brazil and Mexico.

With an improving economic and political environment, some controls around intellectual property and growing government support of industry, Colombia continues to strengthen. However, legal maturity, infrastructure and education are still behind when compared to other developing nations, according to Gartner’s “Analysis of Colombia as a Offshore Services Location.”

Gartner also points to Colombia’s 190 universities that graduate about 30,000 students with business degrees every year, and about half of those are engineers. The number of people with IT skills is increasing, but it’s still not enough to address the need. This supply and demand issue surrounding IT talent is on par with virtually the rest of the world.

Security Administrators

While in Bogota, it quickly became apparent that the security administrators of old are quickly changing.
When I say “security administrators” I’m referencing a type of IT security professional that focuses on tasks like:

- Creating firewall and VPN rules
- Setting up proxy policies
- Defining IPS signatures
- Maintaining endpoint security controls like anti-virus
- Keeping the security infrastructure running

I’m not attempting to downplay the importance of these roles. These are all important and necessary tasks, but the skills required to be a security administrator are quickly becoming tasks associated with more junior security staff. They are considered the basics that every security practitioner needs to know just like basic system and network administration are requirements to be effective in security.

In Bogota many of the folks I talked with stated that the security administration tasks like those listed above were once the entirety of their security program. But over the last year or two they’ve had to adjust. Because of the changing threat landscape and the adoption of new organizational trends to use security to empower — not slow business — change was necessary. They’ve had to invest in more advanced security training for their staff as well as security solutions associated with incident detection and response, and modify their security programs to focus more largely on prevention, detection and response, as opposed to primarily preventative controls like firewalls and anti-virus alone.

Security Analysts

Many of the security practitioners I spent time with either considered themselves security analysts already or were working to achieve this designation. Part of this was for job security so they could differentiate themselves in the market, but honestly security people being who they are, there is always a new challenge to embrace, new technique to learn, and new technology to master.
This constant change is what attracts most of us to this type of career to begin with.

These individuals all spent time as security administrators at one point in their career but have now moved on to what they consider more advanced tasks such as:

- Responding to incidents
- Dissecting malware
- Investigating suspicious insider activity
- Pushing the limits of log capture and packet capture for analysis
- Integrating disparate products, vendors and intelligence feeds to improve efficiencies and effectiveness

Gap

There are various reasons for this change from administrator to analyst. People want to be more marketable because they have these advanced skills. They need to support more dynamic, agile businesses. But the largest driver seems to be “gap.” There is a growing gap that most organizations realize exists between the time it takes for an organization to be compromised and the time it takes for an organization to detect and mitigate that compromise. Most studies state that an organization can be compromised in hours but most don’t even discover it for months. This gap, often called the “threat window,” is simply too large. Trying to address it with the technology, talent and techniques associated with security administration is like fighting today’s war with yesterday’s technology: it’s untenable.

In Bogota, even with extremely limited budgets and resources, they are adjusting to avoid being too focused on preventative controls and security administration, and are now including incident detection and response programs staffed with security analysts. Unfortunately there are fewer people with these skills, and as such various steps are being rapidly taken to rectify this so that the gap can be minimized quickly.
Some steps include:

- Consultants – third party security analyst staff augmentation
- Outsourcing security administration to a managed security service provider or MSSP so that the limited staff can focus on analysis instead of administration
- Analyst certifications and training such as GIAC and SANS
- Investing in incident detection and response security technologies
- Engaging in hacker competitions – one telecommunications firm I talked with offers an internal hacker challenge to employees with a cash prize to keep their security team sharp

I’m curious to know what other organizations are doing to ensure their technology, talent and techniques are ready for today’s threat landscape and how they are minimizing the gap.

Image credit: Bogota, capital of Colombia by Naoki Nakashima (CC BY-SA 2.0)