The security skills shortage continues to shape the future of security and is a significant concern for business leaders. Fortinet’s Stephan Tallent shares some perspective about how this is a top concern, but also specifically for some emerging areas of the world.
It is no secret that a talent skills shortage in security is shaping the future of both cybersecurity and networks themselves. Why is this issue so top of mind and critical right now?
There is significant pressure on organizations to expand their networks in order to reach more customers, wherever they happen to be located, and provide them with the exact services they need, when they need them, on whatever device they want to use. The security challenge is that threats to those users, data, and devices are expanding at an equally relentless pace. And while the number of opportunities and locations for a breach to occur continues to grow, for far too many networks, cybercriminals still only need to find a single point of failure to compromise the whole system.
This ongoing drumbeat of high-profile security breaches has raised the general awareness of the expanding threat landscape. And at the same time, in addition to the clearly increasing risk to businesses, the market has responded by also increasing the personal accountability of the board and IT management for breaches.
All of this has combined to make security the highest priority of every organization hoping to compete in the new digital economy.
If you look at resources on a global scale, how does the skills shortage in security become an increasingly complex challenge around the world?
Different countries and regions have different security issues and privacy laws. As the cultural differences in Internet users and national carrier architecture vary, so does the threat landscape. Data privacy, notification laws and other variables add to the complexity.
Is it possible to say that a skills shortage in security talent is an area of concern for emerging countries today that have fewer IT experienced knowledge workers?
There is clearly a growing need for trained and seasoned security professionals, especially for growing organizations in emerging markets and regions. Fortunately, until recently, many of these organizations have fallen below the radar of cybercriminals due to their existing in a temporarily less digitized society. However, attackers will invariably target high return targets, so as these emerging markets add more Internet and social media users, the risk will go up.
The challenge is that due to the nature of today’s digital business requirements, these organizations desperately need to find skilled and savvy security professionals that not only understand the ins and outs of security in general, but also their unique regional regulations and user demands. And they need to do that in rather small pool of possible candidates.
Newer emerging markets are becoming the new centers of gravity for the global economy, and competition for talent is becoming fiercer almost by the day.
How does the future of MSSPs fit into this conversation? Are MSSPs solving a talent gap in various areas around the world where limited talent resources are a concern?
MSSPs have become the stopgap security measure more and more business are taking because it has persistent value due to the time they can be focused on the task of protecting the organizations. As MSSPs develop more experience securing businesses, their teams deal more with a wider variety of sophisticated threats and attackers, and at the same time, have better access to the latest threat intelligence and technology. So it’s no wonder that companies are turning to them to solve a problem they are not equipped to solve themselves. Just as fewer people dig wells for potable water and businesses no longer burn coal for electricity, security is similarly becoming a valuable utility that can be consumed as a service fee that is cost effective due to economies of scale.
Of course, many large multinational corporations, banks, governments, and education institutions have already been relying on MSSPs for some time. This has also been true in markets that have stringent privacy and compliance laws. But we are beginning to see a significant shift towards utilizing these same utility-like services in emerging markets.
How can vendors take action to help address talent and security today in terms of the future technology they provide?
There are a number of critical things that vendors can do.
First, they can enable alternative methods for candidates to develop essential security skillsets early in the academic phase of their development by building, designing, funding, and supporting training academies and resources. There are talent pools that are well suited to meet this need that have not been fully utilized, such as trained and disciplined military veterans transitioning from service and engineering students who are unaware of the opportunities that the security field provides. It is in everyone’s best interests for us to train and certify these pools of talent.
Second, we need to stop focusing on building isolated security tools that operate in a silo. We need to help organizations do more with less, and we can do that by working to integrate tools to work together, design them to share threat information and operate using common management and orchestration tools, and enable them to correlate threat intelligence and coordinate intelligent responses to threats regardless of where they occur across today’s distributed networks.
Fortinet is expanding our successful Security Academy and Veterans program here in the US to the global market. We are currently making efforts worldwide to accelerate this combined strategy of reaching both universities and military veteran communities around the world.