Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
9/19/2016
12:01 PM
Jeannette Jarvis
Jeannette Jarvis
Partner Perspectives
50%
50%

The Time Is Now To Address The Cybersecurity Talent Shortage In Unique Ways

Cultivating talent from unaccustomed outlets will benefit all of us.

Today nearly every aspect of our society depends on the global digital infrastructure. This increasing reliance means that cyberattacks can be hugely disruptive and costly. Preparing for and responding to the rising volume of cyberattacks in a timely manner requires a skilled workforce. Most enterprises are not staffed to respond to these attacks.

Intel Security partnered with the Center for Strategic and International Studies on the recent report Hacking the Skills Shortage: A Study of the International Shortage in Cybersecurity Skills. The report emphasizes that the global cybersecurity workforce shortfall will be between 1 million and 2 million positions unfilled by 2019. The report states that the shortage of skilled cybersecurity workers is worse than any other IT profession.

Jobs remain open due to lack of labor. Last year alone, 209,000 security jobs went unfilled, and the trend is expected to continue. Intel Security predicts that we have more than $41 billion in unpaid salaries left on the table as a result of this hiring gap.

The shortage of security personnel has left organizations vulnerable to attacks. Companies are at huge risk when they do not have skilled personnel looking after their infrastructures. Security tools are not well managed, and an organization’s ability to respond and mitigate breaches and other security events is compromised.

The security vendor industry must drive better ways to address security needs -- primarily through developing better incident response, correlation, and automation technologies. We should see tremendous efforts directed toward improving these tools and automation capabilities during the next several years.

College students are being encouraged to earn degrees in information security. And many corporations, Intel included, send employees to high schools and colleges to inspire women and minorities to consider STEM degrees. These efforts are laudable and will help to make a difference.

A recent article indicated that one-half of the 775 companies interviewed believe that at least a bachelor's degree was relevant to enter the cybersecurity field, but that this requirement is more reflective of marketing the candidate than providing cybersecurity skills. When asked about the best ways to build cybersecurity skills however, 68% of the respondents ranked hands-on experience and professional certifications above a degree. College computer science degree programs touch very little, and sometimes not at all, on security training.

Broaden The Search

Adequately addressing the security talent shortage requires us to search broadly for solutions. We can cultivate talent in unique ways. One is to take the problem into our own hands and create the training opportunities ourselves, just as Oracle is doing by building an on-campus public high school to develop the next generation of innovators. Expect to see more corporations developing their own talent through creating or sponsoring magnet schools that focus their instruction on security training. Not only can this type of training help bring a new generation to our businesses, but it also attracts a more diverse student body.

Corporations have also created specific affinity groups to address career development and leadership opportunities for women. We should continue to encourage efforts to develop and expose women to opportunities in security through similar programs. Intel Security launched the Women in Security (WISE) program focused specifically on the development, empowerment, and success of women in security. Not only does this effort help meet diversity goals, it brings fresh talent to the table and drives a culture of inclusion that has proven to benefit companies’ bottom lines. 

Getting young primary students interested in coding through gaming exercises will spark the energy and enthusiasm needed to guide them into the security realm as they consider their college options. On the other end of the age spectrum is the older worker who finds retirement unfulfilling. Creating flexible work schedules or job-sharing opportunities will help us to leverage experienced and loyal candidates to fill the security defender roles.

As companies work to address their overall diversity gaps and goals, they will address unique ways to find, educate, and hire new talent. There is much untapped potential in high school students who may not have the opportunity to attend college due to limited support or finances. Many of these students have the attitude and aptitude to work in cybersecurity but need a hand up. Security operations center staff, incident responders, and other notable security roles could be filled through creating apprenticeships and internships that expose people to cybertraining in a focused, hands-on environment.

An often overlooked source of potential candidates is our veterans. These potential applicants are already predisposed to a security mindset through their military service. They have the fortitude to handle the demands of the security industry. Veterans savvy about technology and working across global environments can quickly grasp and adhere to policies and procedures and are quite accountable. They constitute a perfect candidate pool.

The industry must accelerate addressing solutions to the talent shortage. We have to act fast; we cannot let the bad guys win. I encourage everyone to look at novel ways to solve our talent crisis. Cultivating talent from unaccustomed outlets will benefit all of us. There are many capable and competent job seekers who are able to quickly gain the knowledge and expertise to meet our needs, if we let them. Be receptive. Be progressive. You have nothing to lose and a lot to gain. 

Jeannette Jarvis is Director of Product Management in the Intel Security organization. In this role, she helps define strategy and drives improvements for programs focused on malware operations, threat intelligence, and McAfee Labs initiatives. She also drives industry ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...