“In its new 2015 Global Cybersecurity Status Report, ISACA finds that most organizations are aware of cyberattack risk, but few believe they have the capability to thwart a sophisticated attack,” wrote Eric Parizo, Executive Editor of TechTarget in an article published January 20, 2015. The article goes on to say, “…only 38% were confident that their organizations were prepared to fend off a sophisticated cyberattack, and that may be in part because of the longstanding cybersecurity workforce shortage…”
Is there really a cyber security workforce shortage? Or is this more a function of the highly inefficient, analyst-unfriendly combinations of “automatic” defense tools being utilized by most security shops today? I would argue that it’s more than likely a combination of both, but would lean heavily towards the latter: talk to almost any security analyst and they’ll admit that they spend most of their time piecing data together from multiple systems, desperately trying to put the pieces of a puzzle together to figure out what is happening on their network. This is tedious, time-consuming work. Imagine if the data they needed were simply presented to them in a timely manner, in a format they could understand. The majority of their time would then be spent doing what they actually got into the profession for in the first place: thinking like, finding, and countering intruders.
In the never-ending one-upmanship game that defines cyber security, no automated tool will ever replace the human intelligence needed to counter other human intelligence (at least for the foreseeable future). And yet most security shops today seem to be looking for an “easy button”: automated tools that prevent breaches, and failing that, tell their security staff what to do, and when to do it. Perhaps it’s time for our industry to take a completely opposite approach: look for tools that enable and empower our best defense weapon – our analysts.