Abstract: The IT talent shortage makes it difficult to fully staff a SOC, for many reasons. Given the necessity of analysts, organizations and CISOs need to be creative in recruiting, hiring, and retaining staff. It involves some ingenuity, a change in perspective, and thinking wildly outside the box.
In any given month, you can assume that there’s a data breach, cyberattack, or malicious activity transpiring online somewhere around the world. In the month of February 2022 alone, the cybersecurity industry saw 83 breaches, with over 5 million records accessed. These are sobering numbers, and CISOs are tasked with protecting their networks at a time when there simply aren’t enough skilled analysts in today’s workforce to help them do it.
The Hybrid Approach
It’s not hyperbole to state that we’re at a critical point in the evolution of cybersecurity and the future SOC. On one hand, CISOs globally are looking for solutions to make their security processes more effective, efficient, and scalable. But given the volume of attacks and the constant flux that the cybersecurity landscape presents to analysts, it’s a challenge to find tools and processes to improve accuracy and decrease false positives.
Hence the ongoing interest among SOCs in machine learning for cybersecurity, such as anomaly detection. The catch is that these tools require training, both on the human and the AI side, to operate effectively. Skilled analysts are critical in providing use cases for baseline management and supervising any anomaly detection. Without enough talent on your side, the existing staff will be working harder to ensure that the detection tools are working optimally.
This is why the future SOC requires a hybrid model, one in which machines and human analysts work together against malicious activity. At a time when trained analysts and skilled workers are in short supply, and the role of an “information security analyst” is still predicted to be the 10th fastest growing occupation over the next decade, the challenge facing SOCs is not how technology can solve the problem, but who’s going to guide it. That’s the issue at hand.
The Talent Landscape
Intuitively, it would seem that the problem is just making sure that you hire more, but it’s not as simple as that. First, it should be made clear that there are several factors at play, with the five most common consisting of:
- Analyst Burnout and Alert Fatigue
- Too many mundane and repetitive tasks
- A Knowledge and Skills Gap
- Lack of Direction, Training, Growth, and Support
- Financial Considerations
These factors lead to a talent shortage that comes from two fronts:
- Internally, analysts and skilled SOC workers leave due to burnout or better positions elsewhere.
- Externally, there’s a lack of skilled workers to hire and train in the recruitment/education pipeline.
To solve the first problem, the internal shortages, the SOC and CISOs need to focus on retention by upskilling the existing analysts and addressing their concerns about work/life balance, clearly defined career paths, and the opportunity to grow. On average, an analyst has a tenure of 26-30 months in their position before leaving, so retaining them is of utmost importance. Many organizations globally, in fact, have turned to their own ranks, offering infosec-dedicated upskilling programs and tuition reimbursement for external training.
As for the external solutions, the cybersecurity industry has begun to pivot to creatively solve this issue.
Managing cybersecurity is more than just algorithms and reports; it’s also about creativity and ingenuity. There are a lot of different and non-traditional pipelines to mine to find new talent. Several factors need to be considered when looking to hire, including a lack of internships, a lack of a clearly defined career map, and the time it takes to gain cybersecurity proficiency on the job. Therefore, an unconventional approach is needed - look to the outliers.
Bringing in The Outliers
When asked how they are looking to address the talent and skills gap, several respondents to the (ISC)2 Cybersecurity Workforce Study, 2021 said they’re looking towards a broader array of qualities in potential employees rather than a list of technical certifications. Consider this: cybersecurity is a multidisciplinary practice. Knowledge of technology and human dynamics, finance, risk, law, and regulations is needed to complete the job successfully.
In this manner, it’s entirely possible that someone without a technology background can not only get hired and trained in a technology role full time, but also excel at it. Dubbed “accidental cybersecurity professionals,” they bring a wealth of new perspectives, problem-solving skills, curiosity, and communication skills, offering a unique mix of technical and soft skills.
Just to put it into perspective, an (ISC)2 study found that, on average:
- Only 47% of the respondents working in a SOC came from an IT background,
- 17% came from an unrelated career,
- 15% gained access via cybersecurity education,
- 15% were self-taught, learning cybersecurity concepts on their own.
It’d be a mistake to discount an applicant just because they don’t necessarily have an IT Security certificate.
Start a Pipeline at The Beginning
The reality is that the pathways to cybersecurity are evolving. Not every cybersecurity professional decides early on in their educational career that this is what they want to do. While programs and certifications exist, the ever-evolving nature of the industry dictates that they’re not as common as they should be. Thus, the talent pipeline is currently narrower than required.
Seeing the bigger picture, organizations have begun to address this bottleneck. For example, Microsoft has pledged to work with U.S. community colleges to address the skills shortage and place 250,000 people into the cybersecurity workforce by 2025. IBM is promising to train 150,000 people in cybersecurity over the next three years and has partnered with colleges with diverse populations. Google is pledging to offer a Google Career Certificate program for vital jobs in data privacy and security. These are just examples from some of the more prominent organizations. Some smaller training providers and security firms are also partnering with Big Tech to offer their own recruitment and training opportunities for security talent.
If you want to build the kind of security analyst that you would hire for your SOC, you need to start from the ground up and invest in them early.
AI-Assisted Cybersecurity is The Other Half
As mentioned earlier, the human staff in your SOC is only half the equation. An effective SOC analyst team has both the trained staff and the best tools and technologies at hand.
An AI-Assisted Cybersecurity platform, such as Arcanna.ai, offers efficiency in security operations by automating processes, and it retains your cybersecurity experts’ knowledge within AI models. Not only does the AI benefit from the collective knowledge of the most senior analysts via deep learning, but that knowledge stays in-house and can be used as a safety net for new hires and “non-technical” creative hires, and to save time for upskilling others on the team.
When an alert is triggered, the AI-Assisted Cybersecurity system analyzes it, determines whether it should be escalated for further investigation or discarded, creates a ticket, and adds threat intel. An analyst then reviews the outcome and gives feedback. The system adds this learning into its processes, continuing the cycle. Regardless of the organization's size and growth trajectory, AI-Assisted Cybersecurity can scale capacity to handle and address threats to enhance your security parameters.
This means seasoned analysts can manage their workloads, upskill, and focus on future attacks that machine learning can’t predict. Their only responsibility to the AI is to validate the AI’s results. AI-Assisted Cybersecurity is an automation and detection tool that helps humans and machines narrow the knowledge and skills gap and improve operational efficiency.