Cybersecurity Talent, Skills Gap: What It Means for MSSPs
Earnest talk of a cybersecurity talent gap began as early as five years ago, maybe sooner, with admonitions that the bad guys, the purveyors of malevolent technology, would in the absence of a reservoir of highly trained pros have an unimpeded path to turn benevolent innovation against itself.
Fueling the concern was, and is, a perilous shortfall in the number of those who mesh technical skills with security expertise and also grasp business risk to combat the mushrooming techno plague. In an encapsulated form, here’s how the problem looks now, framed via researcher and consultant Cybersecurity Ventures:
- Global spending on cybersecurity products and services to combat cybercrime will exceed $1 trillion cumulatively over the next five years, from 2017 to 2021.
- Cybercrime globally will cost $6 trillion annually by 2021, double that of 2015.
- Some 1.5 million cybersecurity jobs in the U.S. will be open by 2019, 50 percent more than in 2016.
- The U.S. cybersecurity unemployment rate will remain at 0% over the next 5 years, from 2017 to 2021.
Boiled down, the money spent on cybersecurity isn’t denting the cybercrime-inflicted losses plaguing businesses. One response–certainly not the wrong one but an incomplete one–resides in developing new talent pipelines, such as security-centric trade schools that emphasize skills and hands-on experiences, as IBM advocates.
Otherwise put, people, and not technology alone, are both the cause of and the solution to cybercrime. That makes Cybersecurity Ventures’ point that there are more ingredients to baking this cake in addition to recruitment and training all the more compelling.
Cybersecurity Skills Gap: MSSPs to the Rescue?
MSSPs may be cybersecurity’s “saving grace,” the analyst contended in its recent Cybersecurity Jobs report, compiled in a collaboration with MSSP the Herjavec Group.
Reasoning that chief information security officers (CISOs) are spread too thin by “scrambling for talent” while repelling cyber attacks, the analyst argues that it is outsourcing, namely MSSPs, whose focus is solely security–already trained guardians, if you will–that offers another way ahead.
Here’s how Herjavec’s CEO, Robert Herjavec, paints the scenery:
“Managed Security Services is the new house alarm. The logs tell you if your house is safe. The insights SOCs can draw from data correlation will tell you if the other houses on the street are getting robbed. Security technology management keeps the system fine tuned. But the secret sauce? That’s in data enrichment. That’s where the magic happens.”
Of course, the oft-stated hurdles to outsourcing security, including the proper vetting process for trained expertise, operations and technology to lock in safeguards, don’t evaporate once a business opts to relinquish some measure of control by working with a third-party provider.
And, the notion that security operations center-equipped MSSPs are best suited to companies lacking internal IT resources and talent may have to be relegated to the sidelines: The data shows it’s not only smaller organizations but also CISO-overseen enterprises that suffer from a dearth of security pros.
MSSPs Face Their Own Challenges
Certainly, MSSPs themselves face an imbalance of available talent. However, rather than as competitors against businesses seeking talent, perhaps, in this era of full security employment, they are better regarded as collaborators. As Cybersecurity Ventures suggests, inasmuch as MSSPs perform “most of the cutting edge work” in cybersecurity, they present an alluring draw for fresh candidates.
Indirectly, then, companies engaging with MSSPs could benefit from a talent infusion without incurring some of the burdens of locating, educating and recruiting new people. In that regard, people, as in third-party MSSPs, are another ingredient in the solution if you look in more than one place.