The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/765798
66 PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA | WINTER 2016 FEATURES The Scarcity of Cybersecurity Experts Candidates for security jobs should have a solid base of knowledge in networking and should thoroughly understand ports, protocols and the OSI model. They should also understand basic security, including how a Trojan differs from a worm or virus, what exploit kits are, and what open-source tools aackers use. It takes years of working in security to truly understand how threats work and how to combat them. If you are lucky enough to find great security professionals, do what you can to keep them. Oen aer security experts work for an organization for a couple of years, they move on to beer opportunities, and organizations must then search again for a good cybersecurity professional. To overcome the dearth of cybersecurity specialists, many organizations are turning to managed and professional services organizations to supplement internal staff. In its 2016 survey report "Cybersecurity Skills Shortage: A State of Emergency," IT analysts Enterprise Strategy Group (ESG) found that 46 percent of organizations have a problematic shortage of cybersecurity skills, and that 23 percent of organizations will outsource some cybersecurity tasks to a managed security service provider (MSSP) in 2016. The ESG report said, "Given the pervasive cybersecurity skills shortage, this percentage will most likely grow in the future." P2P Here are some things to consider during your next search for a security professional: Academic credentials rarely indicate practical, hands-on knowledge. Certifications are a better indicator but do not directly correlate to technical proficiency. You must place a candidate in a scenario-driven interview that will elicit actual skill and technical proficiency. Cybersecurity is a highly dynamic environment with a continually changing threat landscape, so a candidate must have a passion for learning. It is one thing to have the skills to perform security analyses, but quite another to have the tenacity and drive to perform security-related work eight to 10 hours a day and to protect the organization from increasingly sophisticated attacks. Whether inspecting packets, conducting incident response forensics or performing threat research, security professionals must be internally driven to succeed and provide value. Self-motivation is an important trait in a security expert. Security professionals are driven by a passion for the field. Money is always important, but the real contributors are more enthusiastic about a working environment that challenges them intellectually and will support continued professional and technical development. 46 percent of organizations have a problematic shortage of cybersecurity skills. Things You Should Know When Looking for a Security Expert