Cyber Staffing Shortages Remain CISOs' Biggest Challenge

While SecOps leaders face a variety of challenges in their roles, the two biggest standouts are the difficulty navigating the skills gap in the cyber field and the challenge of operating and investigating commonly used tools.

Researchers at Command Zero have released a report on challenges that chief information security officers (CISOs) and other leaders face, with data collected through hundreds of detailed interviews with cybersecurity professionals from 15 industries. The researchers argue that over the past 40 years, certain innovations have been markers for waves of "digital innovation," such as the creation of the Internet, cellphones, and cloud computing. Now, the latest wave of innovation comes in the form of artificial intelligence (AI). In all of these arenas, the advantages they provide come with deep security challenges.

Where's the Talent When You Need It?

The primary and seemingly obvious challenge is the skills shortage in cybersecurity, for all disciplines, but especially in the area of cyber investigations, according to the report.

This is likely because the average cyber investigator must meet extensive requirements to be qualified for such a position. According to the researchers, these kinds of analysts need to be "subject matter experts" when it comes to analysis and have administrator-level knowledge of data sources.

Given the ongoing shortage of cyber professionals who meet that high bar of qualifications and knowledge, existing teams are stretched thin, some working the equivalent of two jobs to keep up with the latest threats. While this may keep a business afloat, it can also lead to burnout, oversights and, ultimately, a decrease in overall effectiveness of mitigating potential threats.

In addition, part of building such a substantial wealth of knowledge to be this kind of analyst is working in an environment that stresses and fosters the importance of continuous learning. However, "this is challenging when teams are constantly in fire-fighting mode" according to the researchers.

Because of this shortage, 88% of individuals interviewed expressed concerns regarding operational issues because of the lack of staffing while threats continue to grow. Not only this, but 74% of respondents said that they felt their team lacked sufficient public cloud skills to perform "high-quality investigations."

Command Zero recommends companies prioritize and resolve these issues by investing in analysts as well as improving job satisfaction to reduce turnover and improve talent retention.

No Absolutes Within SecOps Tools

Three tools are amongst the most widely used SecOps tools by SOC and IR teams in the industry: endpoint and other detection and response (EDR/XDR); security information and event management (SIEM); and security orchestration, automation, and response (SOAR). All three pose their own challenges for cyber professionals.

EDR/XDR, according to the researchers, is the most heavily relied upon investigation tool, but, it has its limits when it comes to correlating network and cloud telemetry. It's also expensive — it can be costly to use EDR/XDR "at scale in cloud environments," meaning that when it is used, it's not to its full potential leading to gaps in visibility.

Some 59% of respondents pointed to the staffing costs that come with using SIEM for investigations. Three-quarters report that they have a "lack of resources and skills required for integrating data sources into SIEM and SOAR," with some of them employing the services of a third party to keep the systems operational.

There's likely a correlation between the two, as deploying, customizing, and maintaining a SIEM requires highly specialized skills; training for these skills is costly, making them expensive to grow and cultivate, even moreso to staff when they're seemingly so high in demand.

Unfortunately, none of these three tools wallow for 100% coverage of all IT systems. The researchers recommend that companies invest in conceptual and technology-based training for security operations and identify the gaps in security they might have.

Staffing Shortage vs. Job Openings: Which Is It?

The cyber industry has been complaining for years of a staffing shortage, encouraging individuals to apply to jobs in an industry that claims it has much to offer. But is anyone actually hiring? Apparently so, but applicants have to be well qualified.

"Most cyber roles require cross-disciplinary experience and capabilities in IT," the researchers of the report tell Dark Reading, noting that hiring is difficult. "Unlike a system administrator role, which requires specialization in only one kind of system, cyber roles require a fundamental understanding of networking, endpoint, applications, and systems. This makes these roles hard to fill."

There's also a high demand from many competitive companies for the same qualified individuals. This means that these individuals have a lot of options, creating heavy turnover in an endless vicious cycle.

Their recommendations for landing a role? Look for cyber internships and part-time jobs while in school, or aim for adjacent roles to help gain experience.

"Your path into cyber can be networking, systems engineering, or software development," the researchers say. "While this may sound counter-intuitive, a lot of security professionals started their careers as non-security professionals in IT. So, starting out as a network associate or systems engineer can give you some of the cross-disciplinary experience you need to break into cyber."

And the learning never stops. "Because of how quickly cyber evolves," they added, "you need to continue investing into professional growth throughout your career."