“[V]acancies in cyber-security positions have skyrocketed as have CISOs salaries.…CISO salaries have gone up considerably in the last two years, with very few dropping below £100,000 (approximately US$146,000) a year.”
—“CISO salaries and demand for cyber-skills skyrockets, surprising no-one,” SC Magazine, Jan. 29, 2016
“Leading roles in cyber security, such as cyber security head, will see an increase of 18% in salary, while roles in cyber security analysis will see a pay rise of 7%.”
—“IT security salaries on the rise as cyber crime increases,” ComputerWeekly.com, Jan. 29, 2016
It is not news to most who follow the IT industry that there is a “skills gap” in the security arena, a gap that has in fact existed for some time. However, with the number, severity and costs associated with security breaches increasing dramatically since 2014, that gap and what to do about it are now top of mind for many IT and security decision makers.
In essence, skilled, experienced security personnel are analogous to homes and offices in highly desirable areas. Demand has for years grown more sharply and steadily than supply. This results inexorably in scarcity, rising prices, and intense competition for those who are available. And, as with homes and offices, generating more supply is neither fast nor inexpensive.
So great security people are scarce, expensive, and highly coveted, a situation unlikely to change any time soon. Not the best of news as security grows in importance and visibility among senior business leaders.
Fortunately, there is a way to mitigate the effects of the security skills gap: skillful use of the right technologies.
“Cyber security today is more of an operations problem than a technology problem…. We don’t have enough skilled cyber security professionals and those we do have are overwhelmed by manual tasks. By automating cyber security processes for remediation, we can help our people work smarter rather than harder.”
— Jon Oltsik, senior principal analyst at Enterprise Strategy Group (ESG), as quoted by Bob Violino, “It’s time to pull the trigger on security automation,” NetworkWorld, Oct. 26, 2015.
After years of talking about making security more automated and operationally focused, a growing number of enterprises are actually pursuing these goals. There are also emerging standards for formatting and sharing information related to IT security threats. Standards such as the Trusted Automated Exchange of Indicator Information (TAXII™), Cyber Observable Expression (CybOX™), and Structured Threat Information Expression (STIX™) can ease and speed security automation, collaboration, and information sharing.
Of course, there are obstacles and challenges to more security automation, despite the operationalization benefits automation helps to kick-start. For one, automation “usually depends upon integrating several security technologies together, which can be difficult,” ESG’s Oltsik said in the NetworkWorld article mentioned above. For another, “There is the historical belief that security decisions must be guided by some type of human intervention,” Oltsik added.
Fortunately, the right technologies can help to address both of these challenges. Two examples are role-based user interfaces (such as LANDESK Workspaces) and integration and reporting tools (such as Xtraction) that can gather, summarize, and make actionable security information from diverse sources.
Where best to start using automation, consolidation, and integration technologies to combat the security skills gap? For many, patch management is a great starting point. Better, more automated and operationally focused patch management can also help to close the vulnerability gap, that is, the typically disturbingly long time between when a patch for a vulnerability appears and when an enterprise deploys that patch. In some cases, it can be days or weeks. In many cases, it’s months or years.
LANDESK offers multiple solutions for automating and improving patch management at your enterprise. And you can build upon those initial successes in ways that improve security across your entire IT environment, and that can even integrate with other solutions you already have.
Modernize your IT to automate, operationalize, and improve security at your enterprise. Start now to explore how you can use technologies to improve your enterprise’s security, skills gap or no skills gap.
Join us for our free webinar on February 24 for more details!