If a computer can outsmart us playing chess, what is the next move for mankind? If an automated botnet can easily take control of your car, do personal safety issues drive you round the bend? The proliferation of devices and the adoption of new technologies, such as of the internet of things (IoT), has revolutionised all aspects of our lives. Demands for specialist skills to engineer, maintain and protect our vital data are now more important than ever. Yet, are there enough experts around to make sense of it all?
Closing the talent gap
According to The Institute for Public Policy Research, life will undergo “radical” change by the 2030s, with millions of jobs at risk of “automation” from new technologies, including artificial intelligence. With cyber-security becoming an integral part of everyday life, industries worldwide face a worrying paucity of talent and the gap is widening with each generation. Wherever you look, the training, recruitment and investment in professionals capable of tackling cyber threats across the network, cloud and endpoints continues to fall woefully short.
It is time to think S.M.A.R.T.E.R. Business needs a sustainable talent pipeline and it is the collective responsibility of government, academia, industry, individuals and professionals to make it happen.
Government and industry bodies need to collaborate better and commit more investment in cyber-security to ensure robust long-term security plans. The UK government’s recent £1.9Bn National Cyber Security Strategy is a start, but we still need more comprehensive, focused skill development initiatives from the grass roots to the top. Stronger regional and EU data protection laws will help, but implementing a comprehensive cyber-charter that includes greater resources, clearer policies and incentives for businesses will go much further to promote the importance of cyber expertise and security.
The cyber-security market is growing rapidly and the digital economy is driving increased reliance on application services. Despite IDC recently forecasting that global cyber-security spending will reach $101.6 billion by 2020, many analysts predict there will still be 1 to 2 million cyber-security jobs unfilled by the end of this period. In particular, experts are needed to expand beyond traditional firewalls and legacy enterprise perimeters to respond more effectively to hackers targeting companies’ vital applications. Adequately mitigating application-level DDoS attacks, ransomware and sensitive data vulnerabilities calls for a legion of talent that simply does not exist at the moment. The same applies to the cloud in all its forms. More than ever, we are crying out for experts to optimise performance, design architectures and manage access to networks and applications from any device, anytime and anywhere.
Supporting applications, accommodating employee growth and achieving operational efficiencies is vital. We urgently need more specialists with the freedom to develop solutions that unlock business agility, flexibility and scalability to stay competitive. If the app is the key to the Kingdom, then the expert is the King’s Counsel.
Recruiters and companies need to think beyond traditional biographies and CVs. Talent comes in all forms. Currently, there are insufficient security experts in the market, so new ways to identify people with associated skills, such as cognitive reasoning, mathematics, problem solving and software are key to battle the bots and build stronger businesses in the future.
IT departments are under tremendous pressure to unearth new methods and responsibilities to resolve new on-line attack issues. Specialist external support is important, but in-house skill building is equally influential to manage IT transformations and facilitate successful partnerships with vendors. Optimal outcomes are achieved when in-house knowledge compliments external expertise. Crucially, training must never be static and keep pace with cutting-edge technologies.
Traditional education is inadequate when it comes to nurturing tomorrow’s cyber-security superstars. Academia needs far more specialised certifications to encourage pupils to equip themselves and business for the rapidly changing threat landscape. Better awareness, research, investment, specialist teachers, resources and closer industry support is desperately needed. Education is the lifeblood of coping with an increasingly automated world.
Cyber-security experts cannot sit on the side-lines as they need to be in thick of the action affecting change. IDC predicts that by 2018, 75 percent of chief security officers (CSO) and chief information security officers (CISO) will report directly to the CEO and not the chief information officer (CIO). Many analysts also suggest there is a case for a new leader in the form of a chief risk officer (CRO), who will wield overall responsibility for budgets and strategy, as well as oversee all areas of risk exposure from physical IT security to asset protection and data security. These will be high-status, desirable jobs, but they have to be filled by match-fit candidates.
With the dearth of cyber-security expertise, companies face a complex future. While some experts argue that artificial intelligence will be the only method capable of tackling malicious automation, the human touch is unlikely to go away. The race is now on to engender specialist skills that focus less on point-products and more on solution setting. People are assets not a cost and need to be protected, educated and empowered. The battle of the bots against the boffins is on. Our data is at stake and it is a fight we can ill-afford to lose.
Michael Brown is Systems Engineering Manager for F5 Networks