Security Experts:

Herding Unicorns: Managing The Asymmetric Struggle of IT Security

IT security is renowned for being in a state of constant evolution. New threats and attack strategies pop up constantly, and security vendors offer up shiny new products designed to keep the attackers at bay.

But for CISOs and security directors, recruiting and retaining talent for their security teams is more challenging than keeping pace with technology. Top-shelf talent and experience are rare, yet both are required to recognize the subtle indicators of a modern attack.

And even when you find the talent, time is always at a premium. A security team has a virtually unlimited set of worthy tasks, but a very limited number of hours in the day to do them.

The widening talent gap in IT SecurityThis means security products must always be evaluated not only in terms of security efficacy, but also according to their impact on the operational fitness of an organization.

Does a security product drain manpower and resources or does it make staff more productive and nimble? The beset security technologies solve security problems and reduce the burden on highly specialized staff, making rank-and-file team members more productive.

The widening talent gap

As security evolves, organizations increasingly find themselves searching for highly specialized and rare sets of skills. Security skills are consistently at the top of the most-wanted lists.

Based on surveys of CISOs, IT analyst firm ESG found that information security has been the most commonly reported skills shortage for four years. And SANS found that incident response skills would be in high demand in the next two years as organizations try to mitigate and prevent increasing cyber attacks.

In addition to traditional security roles, data scientists have become highly sought-after as security team members. This is driven in part by an increased reliance on data science for everything from getting more value out of their SIEMs to building custom behavioral models to uncover insider threats. recently surveyed more than 500 CIOs and found that data scientists and security staff topped the list of their skills shortage.

Unsurprisingly, the high demand for these rare skills has made cyber-security analysts and data scientists some of the most highly paid positions within IT.  A recent report from Glassdoor found that the average salary for a data scientist was $118,709 compared to $64,537 for a trained programmer.

The most qualified data scientists earn considerably more. Analysis by recruiting firm Burtchworks found that the median salary was $175,000 for top individual-contributor data scientists.

Asymmetry demands automation

In the midst of the competition for top talent, it’s important to remember that IT security is an asymmetric struggle. There are always more attackers than defenders. There are more devices and more traffic than an army of specialists could ever hope to analyze. Security groups have limited time and budgets, while attackers have an unlimited time horizon in which they only need to win once.

This reality has a major impact on security staffing. First and most obviously, an organization can’t rely solely on rare expertise to keep pace with an unbounded and large set of threats. There simply aren’t enough unicorns to throw at unbounded problem.

Secondly, organizations must understand how to get the most out of their best and brightest without overwhelming them. Automation is the linchpin to meeting these challenges, and there are two areas where it can provide dramatic improvements.

First, automation is quite capable of handling the heavy lifting and volumetric work of security analysis and data science.

Your best security talent should focus on the most important problems, and this can only happen if 99% of the traffic, events, and anomalies are filtered out. This is a must-have checklist item when evaluating security products because many actually create more noise than they remove.

Secondly, organizations must ensure that their specialists don’t become bottlenecks. The security team will quickly reach saturation if every investigation must pass through a key security researcher before the IT staff can take action.

It’s incumbent upon security teams to identify where advanced analysis can be automated in order to enable and empower IT generalists. In the past several years, sandboxes have automated the analysis of malware in such a way that security and IT generalists could take action on results. This same can be said about network traffic analysis, which detects advanced persistent threats and network breaches.

These are just a few examples, but the larger point is one that is common across a great many security disciplines. Human talent is one of the most important and rare assets in any security organization. Security products shouldn’t exist in isolated siloes and the larger security organization will only succeed when the security technologies align with and empower the people that use them.

view counter
Wade Williamson is Director of Product Marketing at Vectra Networks. Prior to joining Vectra, he was a Senior Threat Researcher at Shape Security. He has extensive industry experience in intrusion prevention, malware analysis, and secure mobility. He has extensive speaking experience having delivered the keynote for the EICAR malware conference and led the Malware Researcher Peer Discussion at RSA. Prior to joining Shape, he was Sr. Security Analyst at Palo Alto Networks where he led the monthly Threat Review Series and authored the Modern Malware Review. He has also led the product management team at AirMagnet where he helped to develop a variety of security and network analysis tools targeted to WiFi networks. He has been a steady and active researcher of new threats and techniques used to compromise enterprise networks and end-users.