Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

We Need More Girl Scouts and Analytics

New Strategies Must be Put Into Action to Deal With the Imbalance of Cybersecurity Resources

New Strategies Must be Put Into Action to Deal With the Imbalance of Cybersecurity Resources

Globally, two-thirds of organizations admit to a lack of cybersecurity expertise. ISACA predicts a 2 million cybersecurity worker shortfall by 2019. While this has created tremendous growth in cybersecurity training, the growth in attacks seems to always outpace our ability to defend. The cybersecurity community needs to identify where untapped resources exist in order to move beyond traditional industry practices and contend with this imbalance. 

Strategy #1 – Recruit more women 

“Women are globally underrepresented in the cybersecurity profession at 11%, much lower than the representation of women in the overall global workforce,” according to The 2017 Global Information Security Workforce Study: Women in Cybersecurity. This percentage is the same rate of participation as the 2013 report. We’re not going to close the shortfall in workers by ignoring half the population.

Women in CybersecurityThat’s why this summer’s recent news about Girl Scouts being able to earn cybersecurity badges in 2018 is so encouraging. Raising interest among young women to enter the cybersecurity profession is critical to expanding the availability of qualified security workers.

The Girl Scouts aren’t holding back either. This isn’t just an afternoon behind a keyboard, mindlessly typing in characters from a sheet of paper. There are a series of 18 badges planned, along with weekend-long hackathons. 

These future professionals will enter a challenging workplace, though, if current conditions hold. While wage gaps for women in cybersecurity have narrowed to a range of 3-6% (dependent on the organizational level), an alarming 51% of women indicated that they experienced some form of discrimination, compared to 15% of men in the above Security Workforce Study. 28% of women indicated that their opinions aren’t valued. We’re going to have to do much better as an industry to improve work environments if we want to attract and retain talented women, and make a dent in the skills shortage. 

Advertisement. Scroll to continue reading.

Strategy #2 – Expand the use of security analytics 

Analytics has been in use for fraud detection in the financial industry for decades, but the technology has only recently been employed in cybersecurity. There are two primary types of security analytics:

User Behavior Analytics (UBA) – detection of user behavior anomalies that can indicate a compromised or malicious account.

Network Analytics – used to identify infected hosts with malware that may or may not already be a known threat.

These security analytics types can be used to create actionable intelligence for front-line analysts. When the lack of resources presents a challenge, we must use technology to give the people we have greater advantages over attackers.

Often, front-line analysts are overwhelmed with alerts, which can be paralyzing. Analytics applied to SIEM technologies can provide analysts with starting points and remove some of the guesswork from the security investigation process.

For example, log data often provides the “what” and the “where,” but seldom the “who” during an investigation. But, it is critical to know which user(s) is exposed during a malware infection. Analytics can make searching for and finding the authenticated user for a particular event or incident simpler and faster. 

Another way analytics can reduce the workload for frontline analysts is by adding context. Threat intelligence data joined to an event data set, and then modeled from a visualization perspective, can provide faster insight or even expose connections that aren’t obvious, which can accelerate the response to shut down an attack. 

Whether we encourage the participation of young women in cybersecurity professions or improve the effectiveness of our existing personnel through security analytics or uncover another solution, we must do more, as an industry, to address the lack of cybersecurity expertise. Encourage the women you know, and if you’re in a position to mentor them, help them to achieve greater leadership opportunities, so that girls have more role models. Who knows, maybe one day a Girl Scout badge for security analytics will inspire someone to solve the security imbalance permanently.

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.