The skills gap in the market is just that, a shortage of skills rather than of headcount, and upskilling existing employees is cost-effective, insists John Pescatore, Director Emerging Security Trends, SANS Institute.
SANS is the largest global cybersecurity training and certification provider. The Institute offers intensive in-person and online cybersecurity training courses that include hands-on labs to keep cybersecurity professionals up to date with the latest threats and cybersecurity techniques and to enable graduates to immediately fill the many cybersecurity openings at companies and government agencies worldwide.
SANS also develops and maintains the largest free collection of research documents about various aspects of information security, and it operates the Internet’s early warning system – the Internet Storm Center.
There are two broad classes of cybersecurity products:
Host-based software
These products are too easily bypassed by users or system administrators, leaving PCs and servers open to attack.
The move to cloud-based systems and mobile applications means that traditional network security appliances, which are very effective against advanced threats, are often not in the path between the attackers and the target users and servers.
SANS carries out several surveys each year, and the top 3 pain points CISOs consistently list are:
- Lack of cybersecurity skills
- Movement to the cloud
- Inability to get other parts of the organisation, particularly IT operations, to change and reduce vulnerabilities
Cybersecurity training courses that address the issues unique to protecting cloud-based applications and mobile users are key. The skills gap in the market is just that – more a shortage of skills than of headcount – and upskilling existing employees is usually much more cost-effective than hiring new people from the outside.
Next generation cybersecurity products are integrating into virtualisation and cloud features to improve overall security performance.
Security operations teams need increased skills in developing cybersecurity architectures and playbooks that integrate across on-premises data centres, cloud-based data centres and mobile applications.
Security staff need hands-on experience with cybersecurity tools and products that implement those processes. CISOs need better communication and influencing skills in order to get IT operations and application development to make changes and incorporate security from the start of each project.