Even as cybercrime continues unabated and new data breaches seem to make the headlines daily, organizations in tech, cybersecurity, and beyond are struggling to find and retain enough security talent to cover all critical bases. A renewed push from the Biden-Harris administration focuses on unleashing America’s cyber talent to lay a foundation that, combined with modern tooling and more efficient processes, should help to fill the gap in years to come.
The gap in cybersecurity talent isn’t closing fast enough
The World Economic Forum noted in its 2023 Future of Jobs Report that cybersecurity is among the top in-demand skills expected to drive job growth in the coming years. Despite the cybersecurity workforce sitting at 4.7 million strong, research from (ISC)² shows we still need about 3.4 million workers to help cover this fast-paced corner of IT – barely a noticeable decrease from 3.5 million in 2019, which proves that this issue rages on.
While it’s symptomatic of a deep-running issue all across the IT industry, we feel it tenfold in cybersecurity. Less talent means fewer hands to cover the curveballs that threat actors throw daily. Cyber threats aren’t slowing down, and they’re not getting cheaper to fix after disaster strikes either: attacks increased 38% in 2022, with the average cost of a data breach topping $4.45 million. That’s a 15% increase over three years, according to IBM’s 2023 Cost of a Data Breach Report.
Legislation to the rescue
A fresh-off-the-press push from the Biden-Harris Administration comes in the form of a National Cyber Workforce and Education Strategy, with the stated goal of unleashing America’s untapped cyber talent. To quote the strategy document:
“Filling the hundreds of thousands of cyber job vacancies across our nation is a national security imperative and the Administration is making generational investments to prepare our country to lead in the digital economy.” – National Cyber Workforce and Education Strategy
The strategy urges government officials to work with key stakeholders and the public sector to open more opportunities for Americans to train and improve their cybersecurity skills so they’re better prepared to enter the workforce and help offset some of the talent gaps.
With this initiative and the advent of more modern tools, the entire tech industry now has a unique opportunity to marry technical fortitude with human innovation for improved processes as we close gaps in security coverage.
Finding the right teams and the right tools
When there’s a surplus of open roles and the threats aren’t slowing down, cybersecurity quickly becomes more challenging than it needs to be – but it’s a challenge we can’t ignore. Turning a blind eye to security only generates more issues as problems and risks pile up, along with technical debt. The ever-growing number of applications and APIs we rely on for daily digital undertakings can’t be underestimated, nor can the risk they carry if built and maintained with subpar security practices.
To deal with workforce shortages, some organizations take the riskiest path and outright ignore security until it becomes too big of a headache. Others opt to widen their talent pool by looking for candidates with broader experience and finding opportunities to train them. One approach suggested in the new Biden-Harris strategy is for organizations to seek out candidates with the right creative and collaborative mindset to tackle intricate problems, even if they don’t currently have the required expertise in security. Promising candidates can then receive intensive cybersecurity and IT training to acquire or fine-tune the specific skills they need.
Another common approach today – and the most immediately practical – is to use existing resources and the right blend of accurate modern tools to take the heat off security teams, while also continuously training workers to improve their skills. When security processes and best practices are established and easy to integrate throughout the software development lifecycle (SDLC), organizations can not only maintain day-to-day security but also streamline secure development to make DevSecOps a reality. With the right automated solutions, security can be a routine part of operations and software quality rather than a tedious add-on chore.
Doing more with less using automation and AI
While having the right automated security tools isn’t a magic key for fixing issues with the cybersecurity workforce, it certainly is a foundational start to retaining talent and covering skill gaps. We know that 1 in 3 security issues under remediation make it to production without being caught in testing or development as teams skip critical steps to speed up processes. That’s where automation shines, and new technologies like artificial intelligence (AI) are already emerging to boost accuracy.
Data from IBM’s AI and automation for cybersecurity report shows us that AI plus automation improves cybersecurity efforts by mitigating fatigue and enhancing decision-making processes. When asked which performance advantages they’ve seen from AI and automation, 67% of respondents underscored time and cost reductions for detecting and triaging Tier 1 threats, and 65% said that AI and automation have helped reduce false positives and other noise that requires human intervention.
When you eliminate guesswork and avoidable manual tasks from security, confidence in your overall strategy improves. Plus, your talent doesn’t have to struggle when balancing innovation and risk reduction, allowing them to focus on building applications and running them more efficiently. Combined with the thoughtful approach to education, training, and diversification laid out in the new guidance from the Biden-Harris administration, accurate and automated technology should go a long way toward finally alleviating the chronic cyber workforce shortage.
To see how accurate automation can make a real difference in web application security testing, read the free Invicti white paper How to Secure Thousands of Websites with a Small Security Team.