
Herding Unicorns: Managing The Asymmetric Struggle of IT Security

IT security is renowned for being in a state of constant evolution. New threats and attack strategies pop up constantly, and security vendors offer up shiny new products designed to keep the attackers at bay.


But for CISOs and security directors, recruiting and retaining talent for their security teams is more challenging than keeping pace with technology. Top-shelf talent and experience are rare, yet both are required to recognize the subtle indicators of a modern attack.

And even when you find the talent, time is always at a premium. A security team has a virtually unlimited set of worthy tasks, but a very limited number of hours in the day to do them.

[Figure: The widening talent gap in IT Security]

This means security products must always be evaluated not only in terms of security efficacy, but also according to their impact on the operational fitness of an organization.

Does a security product drain manpower and resources, or does it make staff more productive and nimble? The best security technologies solve security problems and reduce the burden on highly specialized staff, making rank-and-file team members more productive.

The widening talent gap

As security evolves, organizations increasingly find themselves searching for highly specialized and rare sets of skills. Security skills are consistently at the top of the most-wanted lists.

Based on surveys of CISOs, IT analyst firm ESG found that information security has been the most commonly reported skills shortage for four years. And SANS found that incident response skills would be in high demand in the next two years as organizations try to mitigate and prevent increasing cyber attacks.

In addition to traditional security roles, data scientists have become highly sought-after as security team members. This is driven in part by an increased reliance on data science for everything from getting more value out of SIEMs to building custom behavioral models to uncover insider threats. A recent survey of more than 500 CIOs found that data scientists and security staff topped the list of their skills shortages.


Unsurprisingly, the high demand for these rare skills has made cyber-security analysts and data scientists some of the most highly paid positions within IT. A recent report from Glassdoor found that the average salary for a data scientist was $118,709 compared to $64,537 for a trained programmer.

The most qualified data scientists earn considerably more. Analysis by recruiting firm Burtchworks found that the median salary was $175,000 for top individual-contributor data scientists.

Asymmetry demands automation

In the midst of the competition for top talent, it’s important to remember that IT security is an asymmetric struggle. There are always more attackers than defenders. There are more devices and more traffic than an army of specialists could ever hope to analyze. Security groups have limited time and budgets, while attackers have an unlimited time horizon in which they only need to win once.

This reality has a major impact on security staffing. First and most obviously, an organization can’t rely solely on rare expertise to keep pace with a large and unbounded set of threats. There simply aren’t enough unicorns to throw at an unbounded problem.

Secondly, organizations must understand how to get the most out of their best and brightest without overwhelming them. Automation is the linchpin to meeting these challenges, and there are two areas where it can provide dramatic improvements.

First, automation is quite capable of handling the heavy lifting and volumetric work of security analysis and data science.

Your best security talent should focus on the most important problems, and this can only happen if 99% of the traffic, events, and anomalies are filtered out. This is a must-have checklist item when evaluating security products because many actually create more noise than they remove.

Secondly, organizations must ensure that their specialists don’t become bottlenecks. The security team will quickly reach saturation if every investigation must pass through a key security researcher before the IT staff can take action.

It’s incumbent upon security teams to identify where advanced analysis can be automated in order to enable and empower IT generalists. In the past several years, sandboxes have automated the analysis of malware in such a way that security and IT generalists can take action on the results. The same can be said of network traffic analysis, which detects advanced persistent threats and network breaches.

These are just a few examples, but the larger point is one that is common across a great many security disciplines. Human talent is one of the most important and rarest assets in any security organization. Security products shouldn’t exist in isolated silos, and the larger security organization will only succeed when its security technologies align with and empower the people who use them.
