The growing cybersecurity skills and personnel gap that makes recruiting and retaining personnel with the prerequisite expertise increasingly difficult for both the public and private sectors may have reached a point where it has become “a national security crisis,” according to statements from Art Gilliland, SVP and general manager, Enterprise Security Products for HP.
“The bad guys are so effective because there’s a massive gap in the number of skilled IT security people. We researched it, we looked at the job environment with Ponemon. 40 percent of essential IT security jobs go unfilled; it’s a huge gap,” said Gilliland. “Trying to fight this well-financed adversary, well, if you don’t have the skills, you lose. We see that happening.”
Other experts agree with Gilliland’s assessment. Former DHS Deputy Secretary and current President and CEO of the Council on Cyber Security, noted that reports of significant cybersecurity breaches frequently now lead the evening news, and afflict companies and enterprises of all sizes.
Lute says too much effort is wasted trying to embrace every IT function into cybersecurity when exactly the reverse is needed, as cybersecurity responsibilities must be clearly assigned out for every party in the ecosystem — be they users, SysAdmins, data managers, or security specialists.
“Professionalizing cybersecurity is overdue, and those who say that we must first wait until the field stabilizes are far off the mark,” Lute said prior to appearing on a poanel on the subject at the RSA Conference. “The fact of the matter is, this country does not yet have, in the number it needs, cybersecurity specialists with the most sophisticated skills and capabilities, and this situation must change quickly and in a way that allows all of us to have confidence in the skills and competencies of professionals in this field.”
The gap means that organizations in both the public and private sector are increasingly in competition with one another to recruit and retain the best talent, and this is an opportunity for thos in the position to capitalize on it.
“The adversary is sophisticated. There’s a whole malware ecosystem that drives innovation and specialization” said Gilliland. “An individual company is competing against this whole marketplace. If you don’t have the best people, you’re going to lose. It’s a big challenge if we don’t invest in training those people. The current huge gap is a national security crisis.