


Contributing Writer

How to address the cybersecurity analytics and operations skills shortage

Aug 10, 2017 | 4 mins
Cloud Security, Network Security, Security

The ability to detect and respond to threats is greatly impeded by a lack of cybersecurity skills and staff. Leading organizations offer a few suggestions.

If you’ve followed my writing, you know that I passionately broadcast issues related to the global cybersecurity skills shortage. Allow me to report some sad news — things aren’t improving at all. In 2016, 46% of organizations reported a problematic shortage of cybersecurity skills. In 2017, the research is statistically the same as last year: 45% of organizations say they have a problematic shortage of cybersecurity skills.

These numbers point to an overall dearth of talent, but the cybersecurity skills shortage is especially pronounced in cybersecurity analytics and operations. For example:

  • According to 2016 research conducted by ESG and the Information Systems Security Association (ISSA), 33% of respondents said their biggest shortage of cybersecurity skills was in security analysis and investigations. Security analysis and investigations represented the highest shortage of all security skill sets.
  • Recent ESG research reveals that 54% of survey respondents believe their cybersecurity analytics and operations skill levels are inappropriate, while 57% of survey respondents believe their cybersecurity analytics and operations staff size is inappropriate. 

The ramifications of skills and staff deficiencies are also apparent in the research. Cybersecurity operations staffs are particularly weak at things such as threat hunting, assessing and prioritizing security alerts, computer forensics, and tracking the lifecycle of security incidents.

Of course, many CISOs propose an easy fix — simply hire more cybersecurity staff to bridge the knowledge and staffing gaps. In fact, 81% of the cybersecurity professionals surveyed say their organization plans to add cybersecurity headcount this year.

Unfortunately, that isn’t always easy to do. According to the ESG research, 18% of organizations find it extremely difficult to recruit and hire additional staff for cybersecurity analytics and operations jobs, while another 63% find it somewhat difficult to recruit and hire additional staff for cybersecurity analytics and operations.

5 ways to address cybersecurity skills shortage

Given the fact that CISOs can’t hire their way out of this mess, what can they do? Here are a few things I see leading organizations undertaking to address the skills shortage:

1. Pushing on automation and orchestration. CISOs are assessing security operations processes, developing formal runbooks, and using technology to help add automation and orchestration to staff sweat and brainpower. Tools from vendors such as IBM (Resilient), Phantom, ServiceNow, Siemplify and Swimlane can be helpful here.

2. Kicking the tires on machine learning. Slowly but surely, large organizations are figuring out the right use cases for machine learning technologies that can help them prioritize and investigate true security incidents. Promising vendors include Darktrace, E8, Exabeam, HP (Niara), IBM (Watson), Palo Alto Networks (LightCyber), Splunk (Caspida) and Vectra Networks. CISOs should cast a wide net here, however, as there is a lot of innovation happening quickly.

3. Rationalizing, consolidating and integrating security tools. Security operations today is based upon too many tools that don’t talk to each other, adding to security operations overhead. Many CISOs seek to counter this complexity by building an integrated security technology architecture like ESG’s security operations and analytics platform architecture (SOAPA). 

4. Seeking help. Rather than struggle, smart CISOs are relying more on professional and managed services. It should be noted that even the most advanced organizations realize they can’t do everything themselves and are looking to service providers to supplement the internal staff.

5. Investing in training and cybersecurity staff career development. CISOs who want to recruit and retain the best talent need to make their organization a cybersecurity center of excellence. Key areas for investment include training, mentoring programs and career development counseling. Savvy CISOs will also market their cybersecurity programs aggressively so the word spreads throughout the cybersec diaspora. 

A few final thoughts: 

  • When I consult with CISOs, I tell them they should consider the cybersecurity skills shortage in every decision they make. This advice is especially true when it comes to cybersecurity analytics and operations.
  • I keep saying this, but I’ll say it again: The cybersecurity skills shortage is an existential threat that impacts all of us. As such, national governments need to do more. 

Jon Oltsik is a distinguished analyst, fellow, and the founder of ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
