The People-First Approach to Security Operations

Security spending is on the rise and prioritized over other IT investments for 2018. A recent Tech Pro Research survey revealed 53 percent of respondents said security will be a top priority in their overall 2018 budget, which 39 percent expect to increase from 1-10 percent over 2017.¹

These increases aren’t a surprise given the many high-profile attacks (i.e. WannaCry) and data breaches (i.e. Equifax, DocuSign, Yahoo, etc.) seen in 2017.

But what is a surprise is the outdated method with which security technologies continue to be acquired and implemented.

Legacy Approach: Buy Technology then Apply the Needed Skillset

Most organizations buy security technology in this manner:

1. Identify the business problem(s) to be solved and the budget available to solve it
2. Develop the list of business requirements a technology must meet to solve that problem
3. Determine when the technology needs to be in place (go-live date)
4. Research potential vendors and consult with industry experts to determine a vendor shortlist
5. Invite vendors on the shortlist to demo and pitch their products
6. Evaluate vendors, then negotiate the final prices and go-live dates
7. Select the vendor and sign the contract for the technology
8. Evaluate if existing internal resources can operate and manage the technology—if not, hire the needed skillset
9. Implement the technology

Seems routine, right? And logical. But this standard way of selecting and implementing technology doesn’t work so well in the security operations world. That’s because it begs the question, “Which comes first—the technology or the technician?”

Technology coming first makes sense in a world where the supply of skilled workers exceeds the demand for them. Yet we all know that today’s cybersecurity most definitely is not that world.

• In 2016, industry experts estimated there were more than 1,000,000 vacant cybersecurity jobs globally, with more than 200,000 in the U.S. alone.²
• The global cybersecurity workforce will be short by around 1.8 million people by 2022—a rise of around 20 percent since 2015—according to a new report by Frost & Sullivan.³
• Around two-thirds of those surveyed by Frost & Sullivan currently don’t have “enough workers to address current threats.”⁴
• The cybersecurity unemployment rate was zero percent in 2016, and it’s expected to remain there from 2017 to 2021.⁵

Instead of buying technology before understanding the skillsets you already have on staff, you need to start with what you have.

For Today’s Security Operations: Leverage Existing Skillsets and Integrated Technology

Given the severe and growing shortage of cybersecurity talent, your best approach is equipping, enabling and empowering the team and the talent you already have. After all, it’s harder to find and bring new talent into your organization than it is to bring new technology.

Here’s how to go about it.

1. Audit then prioritize your existing team’s experience, skillsets, and interests.

Understand the skillsets of your existing team members. Then, build a data security technology strategy that prioritizes those skillsets over any new ones recommended by potential vendors. Be willing to walk away when presented with technologies that don’t meet your prioritized list.

2. Ruthlessly scrutinize potential vendors until you fully understand how complicated and time-consuming their solutions really are.

If your team has to “specialize” in order to use the vendor’s technology—or it requires dedicated staff to operate it—it’s too complicated. If it’s written in proprietary language or requires special modules or applications to read data correctly, it’s too complicated. If it doesn’t integrate with your current security framework, it’s too complicated. And if it isn’t easy to implement, manage, and create reports—it’s too complicated.

3. Focus on technologies that can be easily integrated or configured.

You want platforms that can easily integrate via API or scripting with your existing security applications, solve multiple data security issues, and can grow with your needs over time. Standalone tools that don’t do these things will only cause you frustration and waste resources, rather than help you remediate as many issues as possible within existing budget constraints.

4. Automate now or suffer the consequences later.

Finally, automation is key to helping you prevent threats to your corporate data and overcome the cybersecurity skills shortage. Threats evolve and increase in number faster than you can ever manually remediate them. Automation is the only way you can overcome alert fatigue while prioritizing the threats with the potential to do the most harm. Look for technologies that automate all the stages of security operations—from detection through to response—rather than tools your team must manually operate.

With most security operations teams unable to respond to the massive alert volume generated by their security infrastructure, many threatening attacks aren’t validated, investigated, or contained until they become major incidents. And throwing more bodies at the problem isn’t an option, given today’s cybersecurity staffing shortage.

That’s why answering the question “Which comes first, the technology or the technician?” — in today’s security operations matters. By starting with the technician, you better arm your security operations team to comprehensively protect your corporate data.

###

¹ ZDNet, “2018 IT Budgets are Up Slightly; Spending Focus is on Security, Hardware and Cloud.” Oct. 2, 2017.

² ISSA, “Resolving the Cybersecurity Workforce Shortage.” October 2016.

^{3, 4} Venture Beat, “Global Cybersecurity Workforce to be Short 1.8 Million By 2022.” June 7, 2017.

⁵ CSO, “Cybersecurity Job Market to Suffer Severe Workforce Shortage.” June 22, 2017.