Narrowing the Cyber Security Skills Gap

The shortage of skills is one of the biggest current challenges facing the cyber security community. Tools and services are widely available to organizations, though few people are qualified to perform the tasks needed in order for cyber security teams to excel.

A report by the Information Systems Security Association (ISSA), a community of global cyber security professionals, and independent industry analyst firm Enterprise Strategy Group (ESG), showed that the gap in skill capability has increased in the last few years. The survey consisted of 327 security and IT professionals worldwide uncovering that the skills crisis has continued to worsen for the fourth year in a row.

Among the biggest impacts of the skills shortage for organizations are increasing workloads, unfilled job requisitions, and the inability to learn or use cyber security technologies. Amid the major talent shortage, many CISOs are deploying security analytics and threat intelligence services, which can help them deal with the threats they’re facing. In the meantime, however, efforts are underway to help address the challenge.

Fullstack Cyber Advisory Board goals and challenges

For example, technology education provider Fullstack Academy and cyber security-focused non-profit Security Advisor Alliance recently launched a partnership and the formation of the Fullstack Cyber Advisory Board. The board consists of senior professionals from Fullstack Academy, Security Advisor Alliance, and leading organizations across the largest companies in the U.S., spanning multiple industries.

The board will focus on advancing Fullstack’s cyber security curriculum to uniquely qualify graduates for entry-level cyber security jobs, building the technical and soft skills employers are looking for in today’s evolving landscape. Business insights recently interviewed Gary Latham, CEO of the Security Advisor Alliance, to get his thoughts on the partnership and advisory board and their challenges and goals.

What are the top challenges facing the cyber security community today, both for organizations and the workforce?

Latham: Mitigating cybercrime and contending with nation state attacks are certainly top of mind for our industry. As attacks become more common and sophisticated, they can have a much larger impact than just personal security. They can also affect global economies considerably. To address this challenge, we must narrow the skills gap by finding and attracting skilled individuals to enter the profession at all levels, but especially at the entry-level where younger professionals can learn, grow, and provide the industry with sustainability and longevity.

What is the significance of the recent partnership and formation of the advisory board, from an enterprise cyber security standpoint?

Latham: The Fullstack and Alliance partnership is an ideal match. The Alliance brings together CISOs and other industry experts to solve cyber security’s biggest challenges, such as expanding the workforce and generating interest for individuals to consider a career in the sector. Fullstack provides the targeted, hands-on skills training that enables individuals to enter the industry and contribute quickly. We see the advisory board as a forum where leaders who are passionate about solving the industry’s challenges can come together to enhance [the curriculum], aligning it with the needs across the cyber security industry both now and into the future.

How will the advisory board try to advance cyber security education and grow entry-level talent in the industry?

Latham: Cyber security is an industry where individuals can thrive with or without a technical background. In fact, some of the best talent we’ve seen enter the industry has come from non-traditional backgrounds. For example, a former certified public accountant—who can combine their emotional intelligence and analytical experience with fundamental cyber knowledge—has the tools needed to become a highly effective cyber security analyst. So, in our industry, “entry level” doesn’t always equate to “inexperience.” We’re focused on finding professionals with the right soft skills who could benefit greatly from specific skills training.

How will the efforts of the Alliance and board help address issues such as the rising ransomware threat?

Latham: Through ransomware, criminals know they put businesses in a no-win situation to either pay a significant sum of money or go out of business. But, ransomware is more symptom than disease. And it’s only one of many threats our industry faces every day. Minimizing risk requires cyber security professionals to understand how business uses technology and how to apply proportional security measures throughout the organization, including how to engage and educate the workforce.

What are some of the main goals of the board?

Latham: The real estate industry likes to say “location, location, location.” The goals of this advisory board are “alignment, alignment, alignment.” If we can work shoulder-to-shoulder as a board to inform Fullstack’s curriculum, we can take a very significant step toward producing the talent needed by our respective businesses today and in the future. We also get the privilege as a board to provide scholarships to Fullstack to students we encounter and employees we are mentoring. That means we can make a direct and immediate impact on peoples’ lives and careers while we are up-skilling them to work on our teams.

Will the board work directly with corporate security executives, and if so, how?

Latham: Absolutely. The advisory board is comprised of senior security executives from technology and industry. This is a cross section of our industry and one that comes together through the Alliance and through Fullstack for a simple reason—cyber security is a common challenge and not a competitive differentiator. Our mandate is to close this talent gap. Doing that demands that we work together with our counterparts to truly align industry needs with emerging talent.

What are some of the topics covered in the cyber security curriculum?

Latham: The curriculum begins by teaching the foundations and essentials of cyber security, covering topics such as AWS basics; computing, networking, and security concepts; and basic cryptography. Students then learn and experience both sides of the cyber security industry, participating in Red Team and Blue Team lessons and exercises. Finally, students will work on building their own enterprise-level environment with Security Operation Center on AWS. They will learn how to build, monitor, attack, and defend their own enterprise-level network.

How a business can address the skills gap right now

With ransomware and other security issues constantly proving a danger to business owners, IT leaders are starting to understand how to better distribute their tight cybersecurity budgets and limited headcount. The most sought-after technologies aimed at filling the skills gap currently include next-generation firewalls and threat intelligence platforms and services. Threat Intelligence can easily recognize threat actors as well as tactical indicators (a process called trailing). While not equivalent to network intrusion detection systems (NIDS) or other ready-made security solutions (including antivirus software), threat intelligence can be used as a complementary solution, as it doesn’t just recognize patterns. No matter the scope of threat intelligence, its final objective is the same: to help companies understand and provide predictive remedies for the kind of threats that typical security procedures can’t cover.

Learn more about how threat intelligence is shrinking the cybersecurity gap.