Dark Reading is part of the Informa Tech Division of Informa PLC

Careers & People


Security Talent Gap Threatens Adoption Of Analytics Tools

Finding qualified personnel with the right skill sets to configure and operate analytics platforms is a big challenge today, but workforce development, training, and more intuitive technology could help.

Most organizations are struggling to find security professionals with the right skills to properly operate and maintain security analytics platforms for detection and response. Some experts are looking for ways to close the talent gap via workforce development, training and, in some cases, technology.

The recently released SANS Institute 2015 Analytics and Intelligence Survey revealed that the demand for cybersecurity tools and resources has doubled since 2014. The majority of the 476 respondents (59 percent) cited a lack of skills and dedicated resources as the main obstacles to discovering and acting on cybersecurity incidents and breaches.

Finding these skill sets in today's marketplace is difficult because demand is extremely high for top talent that understands security information and event management (SIEM) systems and correlation, forensics, event management and, now that analytics is in the mix, pattern analysis across large, diverse data sets, according to the SANS survey, which was commissioned by security tools provider DomainTools.

In the 2014 survey, the skills shortage was only the third-ranked obstacle, cited by 30% of respondents; its rise to the top obstacle, cited by 59% in 2015, indicates that the problem is actually getting worse.

“There is absolutely a dearth of skilled analysts who have familiarity with network technology and the kinds of threat intelligence analytics that come from endpoint devices,” says Tim Chen, CEO of DomainTools. These analysts would need the skills to detect anomalies and take the appropriate measures to respond to incidents. However, that is just one piece of the human capital chain, he says.

Security professionals pull various data feeds, along with log and event data from disparate systems, into databases where they can perform advanced analytics. Engineers are needed to write application programming interfaces (APIs) and connect systems together on the back end so security operators can actually analyze the data. That is an often overlooked skill set, Chen says.

Only 3% of organizations in the SANS survey say their analytics and intelligence processes for pattern recognition are fully automated, and another 6% report having a "highly automated" intelligence and analytics environment.

By leveraging technologies and automation, organizations can better distribute their security operations teams’ workloads, putting senior staff to work on more advanced threats, and at the same time, foster the recruitment of top talent.

Many manual processes performed by senior SOC staff could be automated, including weeding out false alarms, generating responses to help-desk tickets, and producing reports on key metrics such as detection success and false-positive rates, security experts say.
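The two engineering tasks described above, normalizing log and event data from disparate sources into one schema and then automating first-pass triage and metric reporting, are easy to underestimate until you write them. The following is an added example, not code from the article, SANS or DomainTools: it maps two constructed source formats (OpenSSH syslog lines and a JSON-per-line application log) onto a common Event schema, correlates authentication failures per source IP across hosts, suppresses a constructed known-benign source so it does not page an analyst, and computes the false-positive rate from analyst verdicts. All log lines, hostnames, IP addresses, the suppression list and the verdicts are constructed for illustration.

```python
"""Added example: log normalization, alert triage and metrics for a small SOC
pipeline. Every input here is constructed; nothing is taken from a real system."""
import json
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Event:
    """Common schema every source is mapped into (constructed for this example)."""
    ts: datetime
    host: str
    user: str
    src_ip: str
    kind: str  # e.g. "auth_fail"


# Source 1: OpenSSH failed-login lines as they appear in syslog.
_SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+(?:\.\d+){3})"
)


def _parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def parse_syslog(line: str):
    m = _SYSLOG_RE.match(line)
    if not m:
        return None
    return Event(_parse_ts(m["ts"]), m["host"], m["user"], m["ip"], "auth_fail")


def parse_json(line: str):
    """Source 2: an application that emits one JSON object per line (constructed field names)."""
    try:
        rec = json.loads(line)
        return Event(_parse_ts(rec["time"]), rec["host"], rec["user"], rec["src"], rec["event"])
    except (ValueError, KeyError, TypeError):
        return None


def normalize(lines):
    """Map heterogeneous log lines onto Event; unparsable lines are counted, not silently lost."""
    events, dropped = [], 0
    for line in lines:
        ev = parse_json(line) if line.lstrip().startswith("{") else parse_syslog(line)
        if ev is None:
            dropped += 1
        else:
            events.append(ev)
    return events, dropped


# Constructed suppression list: an internal vulnerability scanner whose failed
# logins are expected on every run and would otherwise raise a false alarm.
KNOWN_SCANNERS = {"10.0.0.5"}


def triage(events, threshold=3):
    """Correlate auth failures per source IP across all hosts, suppress known
    benign sources, and return alerts as (src_ip, count, sorted hosts)."""
    per_ip = defaultdict(list)
    for ev in events:
        if ev.kind == "auth_fail":
            per_ip[ev.src_ip].append(ev)
    alerts, suppressed = [], 0
    for ip, evs in per_ip.items():
        if ip in KNOWN_SCANNERS:
            suppressed += 1
            continue
        if len(evs) >= threshold:
            alerts.append((ip, len(evs), sorted({e.host for e in evs})))
    alerts.sort(key=lambda a: -a[1])
    return alerts, suppressed


def report(alerts, verdicts):
    """Metrics the article says are compiled by hand: alerts raised and the fraction
    an analyst later judged false. `verdicts` maps src_ip -> True for a real attack."""
    total = len(alerts)
    fps = sum(1 for ip, _, _ in alerts if verdicts.get(ip) is False)
    return {"alerts": total, "false_positives": fps,
            "false_positive_rate": (fps / total) if total else 0.0}


# Constructed sample input: two hosts, two formats, one unparsable line.
SAMPLE_LINES = [
    "2015-11-03T08:00:01Z web01 sshd[4123]: Failed password for root from 203.0.113.9 port 51234 ssh2",
    "2015-11-03T08:00:02Z web01 sshd[4123]: Failed password for root from 203.0.113.9 port 51235 ssh2",
    "2015-11-03T08:00:03Z web01 sshd[4123]: Failed password for invalid user admin from 203.0.113.9 port 51236 ssh2",
    "2015-11-03T08:00:04Z web01 sshd[4123]: Failed password for root from 10.0.0.5 port 40000 ssh2",
    "2015-11-03T08:00:05Z web01 sshd[4123]: Failed password for root from 10.0.0.5 port 40001 ssh2",
    "2015-11-03T08:00:06Z web01 sshd[4123]: Failed password for root from 10.0.0.5 port 40002 ssh2",
    '{"time": "2015-11-03T08:00:07Z", "host": "db02", "event": "auth_fail", "user": "sa", "src": "198.51.100.7"}',
    '{"time": "2015-11-03T08:00:08Z", "host": "db02", "event": "auth_fail", "user": "sa", "src": "198.51.100.7"}',
    '{"time": "2015-11-03T08:00:09Z", "host": "db02", "event": "auth_fail", "user": "sa", "src": "198.51.100.7"}',
    '{"time": "2015-11-03T08:00:10Z", "host": "db02", "event": "auth_fail", "user": "sa", "src": "203.0.113.9"}',
    '{"time": "2015-11-03T08:00:11Z", "host": "db02", "event": "query", "user": "sa", "src": "198.51.100.7"}',
    "Nov  3 08:00:12 web01 kernel: eth0 link up",
]
# Constructed analyst verdicts: the spray from 203.0.113.9 was real; 198.51.100.7
# turned out to be a backup job with a stale password.
SAMPLE_VERDICTS = {"203.0.113.9": True, "198.51.100.7": False}

if __name__ == "__main__":
    evs, dropped = normalize(SAMPLE_LINES)
    found, hidden = triage(evs)
    print(found, "suppressed:", hidden, "dropped:", dropped)
    print(report(found, SAMPLE_VERDICTS))
```

The correlation step is where the cross-source value shows: 203.0.113.9 only crosses the threshold because its SSH failures on web01 and its database failure on db02 are counted together, which a per-host view would miss. The dropped-line count matters too; a normalizer that silently discards what it cannot parse is exactly how an analyst's "sixth sense" ends up working from incomplete data.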

Security vendors are well aware of the need to write rules into their products that can help security professionals better prioritize alerts, says Tim Helming, director of product management with DomainTools. Some of the skills that are most valuable are hard to quantify because they come with judgement, intuition, and experience, and the analyst develops a sixth sense about alerts, which is tough to gauge during the hiring process, he says.

Workforce development crucial

Technology is just one way to address the cybersecurity skills gap. Workforce development is also paramount in addressing the problem, says Richard Spires, CEO of Learning Tree International, Inc. and a former chief information officer of the Department of Homeland Security.

“Clearly there are not enough people who have the skill competency to fill all the jobs in cybersecurity. You can’t hire your way out of this problem,” Spires says.

The IT management and training company recently launched IT Workforce Optimization Solutions, a comprehensive suite of services designed to help IT management plan, develop, and implement strategies to build and sustain high-performing IT organizations. The goal is to help IT organizations develop a culture to support professional development of their staff with an emphasis on skill assessment, individual development plans, training, mentoring, and matching people with the right assignments.

Security pros often get hired away once they reach a certain level of competency, so a key factor in development of individuals is how to retain them and help them feel they are part of a team.

The workforce solutions and services are based on the National Cybersecurity Workforce Framework as defined by the National Initiative for Cybersecurity Education (NICE) and on the Skills Framework for the Information Age (SFIA), which maps the skills of the workforce to the needs of a business.

Automation of technology is an important aspect of the equation to develop and retain skilled analysts, but everything cannot be automated given the complexity of IT environments, Spires says.

“You need on-the-job training to really understand data sets over time,” so once analysts learn about their systems and what is normal, they can automate tasks. However, with today’s IT environments, you still need the human element in the loop to help.

“I don’t see that changing for some time because of the complexity of our environments,” Spires says.


Rutrell Yasin has more than 30 years of experience writing about the application of information technology in business and government.

Comments
User Rank: Apprentice
1/14/2016 | 5:32:17 PM
Resources already available
This site already covered Stealth Worker. You can use it to get expert cybersecurity people quickly. We did!
User Rank: Author
1/12/2016 | 5:00:46 PM
excellent commentary, Gartner research agrees with you
and yet... the security analytics market is forecast to exceed $7 billion by 2020 despite cybersecurity labor shortage