There is a significant skills gap in the United States today, and one particular area that is feeling the pain of the gap is cyber security. This gap isn’t just a concern for large technology companies, if the latest Equifax hack or WannaCry news is any indication: It’s a gap that can hit close to home.
Candace Worley, Vice President and Chief Technical Strategist at McAfee, said the cybersecurity skills gap is a significant problem for companies and that it has to be addressed in a number of ways because there is no silver bullet.
“The cyber space has matured in a way that requires special skills,” Worley said Tuesday at Structure Security 2017.
Worley said there are plenty of talented people in the U.S. and Silicon Valley but that some don’t have the right skill set. Educational programs and institutes play a big part in increasing the talent pool, but Worley said most university cyber security programs are in their early stages so it will be three to five years before there is a wave of students with the necessary cyber security skills.
Through artificial intelligence, communication with employees and shared responsibility, however, Worley said companies can start today to help fill their cyber security needs. “Until that cyber pipeline starts to exit the pipeline, I think you’re going to have to look at automation, third party augmentation, leveraging your own talent pool.”
While many have hesitant to rely on automation, especially 5-10 years ago, Worley said it’s crucial to rely on some automation because risks evolve daily and code can be updated every minute. Despite the apprehension, she said in recent years people have stopped view automation as a threat and started using it as a tool.
“What tasks in cyber can be automated with very low risk,” Worley said. “That’s another way to fill that gap.”
Internally, companies can shares headcounts between departments on a rotational basis to help monitor security.
“Looking at the other areas within your organization, you probably can… leverage some of that talent and create a rotation program, into a cyber team for three to six months,” Worley said. “[Put] them with the right talent to help them, just like you would with an intern.” She said creating your own talent pools isn’t just useful to close the skills gap, it can can be extremely useful for when a crisis happens.
While no one wants to hear that a crisis is a good thing, Worley said the Equifax and SEC breaches do “raise the awareness of employees, because they’ve not been touched by this thing. It’s another thing when … your identity may be at risk. It become very personal at that point. Maybe we now have an opportunity to have that dialogue.”
Another additional area Worley said companies can help improve their cyber security gap, seems like a simple one: make sure all employees know the best security practices.
“I believe whenever every employee sees IT security, digital security as part of their role that we will see a drop in successful attacks,” she said. The average person that works in finance, account or manufacturing may not realize he or she is a security risk so it’s up to the company to communicate best practices, Worley said. “We need to do a better job to help own the digital security of the organization.”