Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

Accessible Security Tools: Solving the Skills Shortage

This isn’t another article about the skills shortage. We’ve all read plenty of those, detailing the alert fatigue plaguing analysts and the number of unfilled positions the industry can expect by 2020. Not only does the shortage seem to get bigger and more dramatic with every article I read, but all this talk isn’t getting us any closer to a solution.

This isn’t another article about the skills shortage. We’ve all read plenty of those, detailing the alert fatigue plaguing analysts and the number of unfilled positions the industry can expect by 2020. Not only does the shortage seem to get bigger and more dramatic with every article I read, but all this talk isn’t getting us any closer to a solution. Instead of worrying about the skills shortage, let’s talk about how to fix it. 

Sharing Responsibility: CISOs and Security Companies 

Cyber security experts recognize that there is a problem, yet determining who is responsible for solving these issues is woefully under-discussed. 

A company and the CIO or CISO will need to hire new security analysts, retain current team members, and brainstorm how to streamline processes and reduce the workload for the security team. Urging CISOs to be creative in their hiring, think strategically about the division of labor, and keep their employees engaged is all well and good. But in the long-term, these same strategies are unlikely to make a real difference for an organization’s ability to succeed in the face of the growing skills shortage. 

Cyber-threats will only become more advanced, and the complexity of the digital business continues to increase. By failing to identify more permanent solutions to the issue, the industry is placing a burden on CISOs and security teams to “do more with less.” This approach will almost undoubtedly lead to mistakes, breaches, and attacks. 

Security software companies need to take on some of the responsibility for solving this problem. If the industry is lacking “skills”, why not make it easier for less-skilled individuals to be successful in this space? If companies develop products with the requirement that the user be anywhere from junior all the way up to senior it could start making a real difference. By enabling less-experienced individuals to be successful analysts, these tools could inadvertently help CISOs to fill many of the positions that remain open. 

College Graduates and Current Job Requirements

The number of students majoring in computer science continues to rise. A 2017 study (PDF) conducted by the Computing Research Association found that the average number of computer science majors has more than tripled since 2006 and more than doubled since 2011. It isn’t that the pool of talent available to CISOs isn’t growing. Instead, CISOs feel unable to dip into this new talent. 

If you search “Cyber security analyst” most positions’ descriptions focus on prior experience. Find one such job description below: 

 BS in Computer Science, Information Security, or a related field is highly desirable

 3+ years of work experience in information security, especially in a network security analyst role

 3+ years of past experience in a role on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) is highly desirable

 Security +, CEH, or SANS GIAC certifications are preferred

These job descriptions are informed by what skills CISOs believe their team members will need to have to succeed, which is in turn informed by their own experience. The tasks expected of security analysts, including working with a wide variety of tools, identifying genuine threats amongst false positives, and quickly remediating incidents, are all incredibly difficult. 

However, cyber analysts can easily learn to operate at a senior level when working in tandem with artificial intelligence. Technology that can provide only high-confidence alerts, prioritize incidents, and also take action to stop an in-progress threat enables new analysts to quickly get up to speed. They can quickly come to have a sense of which anomalies are indicative of what type of threat and learn what actions are needed to remediate a threat. 

The New Normal

In my work as an analyst, I’ve worked with numerous small companies and other organizations with limited resources around the world. At these 10-person hedge funds or non-profit organizations, there may not be any individual dedicated to security. My main contact responsible for the everyday security of his organization had the title of “Investment Principal.” However, by having the right tools deployed, these same individuals and organizations have prevented ransomware, identified threatening misconfigurations, and enforced detailed company policies. 

This is what a tool designed for a more junior user can enable. The security skills shortage will continue to worsen unless organizations come to fundamentally rethink the current hiring model and job requirements. By creating tools that can be used both by non-technical individuals and experienced analysts, security companies can enable organizations to reduce the burden for experienced security staff, train new staff, and stay ahead of both the skills shortage and advanced threats. 

RelatedA ‘Force Multiplier’ for Tackling the Security Skills Shortage

RelatedRecruitment Challenges Continue to Plague Cyber Security

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

SecurityWeek speaks with two leading CISOs in the aviation industry – Mitch Cyrus of Honda Aircraft, and Mark Ferguson of Bombardier.