Next-generation firewalls. Advanced threat detection. Intrusion deception. DDoS protection. These innovative security technologies work to combat security threats and attacks, to protect data and other assets from cybercriminals.
Throughout the last few years, the information security (InfoSec) industry has seen great progress in leveraging such techniques to defend against and defeat attackers.
But let’s take a step back and think: Is this all that the security industry needs in the future? Even with the latest technologies, cybercriminals are still deceiving and surpassing the elaborate and often pricey initiatives to secure data. The above is a solid list of methods that focus day in and day out on protecting against threats, yet risks and vulnerabilities continue to survive and thrive.
Technology is Necessary but Insufficient
What needs to improve? Although technology products are time and time again heavily relied on and placed at the forefront of defense, there is another critical element that needs just as much focus: training the next generation of technology professionals.
Implementing technologies, as well as educating the current workforce about privacy and prevention, are fundamental to securing data and the network. But having information security professionals teach our succeeding generations about security trends and challenges, and the proper use of advanced technologies is key to protecting society moving forward. The industry needs experienced professionals who are up-to-date on the current and evolving security climate and activity of modern-day attackers.
Where is the Next Gen Workforce?
Despite the increase of cyberattacks, the world being more connected, the use of cloud-based technologies and the growth of the Internet of Things (IoT), the industry is experiencing a massive shortage of information security professionals. Just last year, RAND published a study (PDF) highlighting how there’s a lack of cybersecurity professionals across the country. Additionally, Enterprise Strategy Group surveyed IT professionals all over the world to determine where the deficiency is for specific IT skills, finding that a fourth of those organizations said they had a “problematic shortage of InfoSec skills.”
This is huge. These professionals are not only critical to keeping businesses of all types protected, but they are also needed to educate people about cyber best practices, privacy and security. Information security engineers and analysts are in high demand across industries, including defense, retail, financial services and healthcare, and unfortunately, this isn’t an occupation that can populate new experts overnight. A college degree is great on paper, but the security industry is one where professionals ultimately need hands-on experience.
Preparing for a Career in InfoSec
Many of the skills necessary to be an effective member of the security workforce are gained through on-the-job training. After all, even if you’re a firewall expert, how a firewall is implemented in one particular enterprise versus the next one is often quite different. It’s the old adage—people, process, technology. But here are a few tips to share with the next generation of InfoSec professionals:
• Learning about computer science more broadly and absorbing as much as possible about the field before specializing in specific parts of InfoSec is and will continue to be critical. It will allow the next generation to obtain a well-rounded background with the ability to grow and master new areas of security as the industry continues to evolve. Additionally, more education, experience and focus on the field for our next generation will ultimately lead to a greater understanding of it, a boost in drive to protect society, and, above all, increased respect for security and privacy.
• Keep reading, watching, listening—InfoSec moves faster than other IT markets. Investing several hours a week in understanding the latest threats and hacks is the only way to grow, and to have your knowledge base be relevant to the organization you’re protecting.
• Certifications are, of course, non-optional. Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) are just two of the most common. Get them early and refresh often.
Competing with the masterminds behind the latest hacks requires seamless operations with the right mix of products, education on how to best manage security tools and techniques to stay secure, and teaching and embracing the next generation with relevant information security knowledge. We can no longer forget about the future generation. This combination is integral to society’s success against future cybercriminals and malicious activity.