Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

We Need More Girl Scouts and Analytics

New Strategies Must be Put Into Action to Deal With the Imbalance of Cybersecurity Resources

New Strategies Must be Put Into Action to Deal With the Imbalance of Cybersecurity Resources

Globally, two-thirds of organizations admit to a lack of cybersecurity expertise. ISACA predicts a 2 million cybersecurity worker shortfall by 2019. While this has created tremendous growth in cybersecurity training, the growth in attacks seems to always outpace our ability to defend. The cybersecurity community needs to identify where untapped resources exist in order to move beyond traditional industry practices and contend with this imbalance. 

Strategy #1 – Recruit more women 

“Women are globally underrepresented in the cybersecurity profession at 11%, much lower than the representation of women in the overall global workforce,” according to The 2017 Global Information Security Workforce Study: Women in Cybersecurity. This percentage is the same rate of participation as the 2013 report. We’re not going to close the shortfall in workers by ignoring half the population.

Women in CybersecurityThat’s why this summer’s recent news about Girl Scouts being able to earn cybersecurity badges in 2018 is so encouraging. Raising interest among young women to enter the cybersecurity profession is critical to expanding the availability of qualified security workers.

The Girl Scouts aren’t holding back either. This isn’t just an afternoon behind a keyboard, mindlessly typing in characters from a sheet of paper. There are a series of 18 badges planned, along with weekend-long hackathons. 

These future professionals will enter a challenging workplace, though, if current conditions hold. While wage gaps for women in cybersecurity have narrowed to a range of 3-6% (dependent on the organizational level), an alarming 51% of women indicated that they experienced some form of discrimination, compared to 15% of men in the above Security Workforce Study. 28% of women indicated that their opinions aren’t valued. We’re going to have to do much better as an industry to improve work environments if we want to attract and retain talented women, and make a dent in the skills shortage. 

Strategy #2 – Expand the use of security analytics 

Analytics has been in use for fraud detection in the financial industry for decades, but the technology has only recently been employed in cybersecurity. There are two primary types of security analytics:

User Behavior Analytics (UBA) – detection of user behavior anomalies that can indicate a compromised or malicious account.

Network Analytics – used to identify infected hosts with malware that may or may not already be a known threat.

These security analytics types can be used to create actionable intelligence for front-line analysts. When the lack of resources presents a challenge, we must use technology to give the people we have greater advantages over attackers.

Often, front-line analysts are overwhelmed with alerts, which can be paralyzing. Analytics applied to SIEM technologies can provide analysts with starting points and remove some of the guesswork from the security investigation process.

For example, log data often provides the “what” and the “where,” but seldom the “who” during an investigation. But, it is critical to know which user(s) is exposed during a malware infection. Analytics can make searching for and finding the authenticated user for a particular event or incident simpler and faster. 

Another way analytics can reduce the workload for frontline analysts is by adding context. Threat intelligence data joined to an event data set, and then modeled from a visualization perspective, can provide faster insight or even expose connections that aren’t obvious, which can accelerate the response to shut down an attack. 

Whether we encourage the participation of young women in cybersecurity professions or improve the effectiveness of our existing personnel through security analytics or uncover another solution, we must do more, as an industry, to address the lack of cybersecurity expertise. Encourage the women you know, and if you’re in a position to mentor them, help them to achieve greater leadership opportunities, so that girls have more role models. Who knows, maybe one day a Girl Scout badge for security analytics will inspire someone to solve the security imbalance permanently.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

SecurityWeek speaks with two leading CISOs in the aviation industry – Mitch Cyrus of Honda Aircraft, and Mark Ferguson of Bombardier.