Cybersecurity Skills Gap | Cybersecurity Insights #20

September 13, 2019 posted by


Hey, Josh here from Absolute. Welcome back to Cybersecurity Insights! We talk a lot about a ‘skills gap’ in cybersecurity, but why is there a gap in the first place? There are many reasons for the skills gap. Number one: More cyber criminals Not only are they
a threat to cyber resilience, but since we first linked machines together, cyber crime has risen and with it a wider skills gap. And cybercriminals’ goals evolved from reputation in the hacker community… into a well-organized,
concentrated push for financial gain. This incentive scheme lures criminals, bringing more into the game, and we just can’t keep up. Number two: More places to hide. When we digitized our most important information, like patents, consumer records, financial data, we added more to the watch-list. This creates more space to hide and we often don’t have a wide enough lens to monitor an ever-expanding attack surface. Our own environments
provide enclaves for criminals to hide, users to go rogue, and auditors to well always find something. Keeping tabs on threat groups
like APT28, 40, or 29 is one thing. But when you add the mutating attack surface, you get a compound effect: more threats in more places. Number three: Deep versus Wide The security professional
is caught in a dilemma: expand skills within a specific domain, or a broad range of skills in many disciplines. Individuals are forced to make trade-offs, leading to bulges in certain skills and scarcity in others. And this distribution and concentration of skill is not always aligned to an organization’s demand for a particular position. Number four: Undervaluing the role We’re all short-sighted and we’re all prone to misunderstanding “Can’t we just automate that?”. Cybersecurity job requirements are often like a wish list to Santa Claus; asking for candidates with decades of experience deep knowledge in myriad disciplines and a willingness to put in Victorian hours for a compensation plan that looks a lot like an internship. Needless to say We can see how unforeseen forces
can exaggerate the skills gap. If we’re going to close it, resilience must be our primary aim, bouncing back from any setback by self-healing systems,
controls, apps, agents, and devices to become stronger. By anchoring on the primary goal of resilience, we use innovation like
automated responses and command toward their most effective result. Which forges a new path that removes complexity, enables line-of-sight, and gives security teams the power to orchestrate a wide range of systems. Step back from it all and move the chest pieces toward proven tactics that enable resilience. Remember to like and subscribe oh and tell me how you’re addressing the challenge of the skills gap. There’s a handy comment section below. I’ll see you next time!

3 Comments

3 Replies to “Cybersecurity Skills Gap | Cybersecurity Insights #20”

  1. John_Doe says:

    Here's is a tought, maybe dont drain the life energy and enthusiasm in juniro/entry level posistions? Most recommend SOC as the first job in CyberSecurity, I find this posistion life draining and shattering all enthusiasm for the field.

  2. A1 Talisman says:

    Hi,
    I am the operator behind the "A1 Talisman" Viral Youtube Channel.

    Cybersecurity Incidents with Ransomware ["SamSam" , "Wannacry"] have proven ineffective security system fundamentals. In today's world, adversaries have their own playbook that they operate under. The underlying objective of adversaries is to extract intelligence that they can use to put the other side at a disadvantage through an adverse interest that they have in commerce and trade.

    It is important for all of us to develop these technical skills in order to safeguard against scam artists. I think it is important for all us to start to explore security engineering so that it introduces to the architecture and the landscape that we are wanting to be oriented to. We should be also getting good at advanced basics in College and University level math. I personally use the zero-product property rule and synthetic division checks to confirm the math I use in developing material flow charts against adversaries.

    Being creative and motivated as a ["Wizard"] in any field of study is important to developing new frontiers on the subject matter. We should be figuring out ways to gain perks from the tradecraft we choose to integrate with. Reverse Engineering is something that more people should be working to get better at. Knowing an adversaries playbook as a countermeasure through competitive technical intelligence is something that all aspiring wizards should be aiming for.

  3. Karen LeVeille says:

    i came in blind, recruiter found my resume and got me hooked up in a SOC analyst position, with only a 2 year degree and one internship. i don't think many people are that lucky, since as you said, these lists are waaay to often just wishlists to Santa… learning that as i scope out the field @[email protected]

Leave a Comment

Your email address will not be published. Required fields are marked *