Sergey Nivens - Fotolia
How the channel can play a vital role in reducing cybersecurity skills shortages
David Ellis, Vice President, Security and Mobility Solutions - Europe, Tech Data, argues that the channel can play a role in dealing with the security skills crisis
The IT skills shortage crisis has reached epidemic proportions, but nowhere is the lack of skilled professionals felt most keenly than in cybersecurity. A perfect storm of rising threat levels, increasingly well-resourced and determined attackers, and escalating breach costs has shone an unforgiving light on the problem. The good news is that there’s much the channel can do here to help.
A global crisis
Make no mistake, the cybersecurity skills crisis is now a global phenomenon. Worldwide there’s predicted to be a shortfall of 1.8 million by 2022, with Europe facing a projected skills gap of 350,000 workers. Across the region, over a third (38%) of hiring managers say they want to grow their workforce by at least 15% in the next year, yet 66% say they already have too few IT security employees.
Modern organisations are increasingly built on data-fuelled digital platforms. But without enough men and women to manage the frontline and secure that data, organisations are increasingly exposed to the risk of damaging breaches, service outages, financial loss and reputational harm.
Compounding the problem
The cybersecurity skills challenges facing the whole of Europe and beyond are compounded by the way IT security is typically run in many organisations today. Over the years, enterprises have amassed a bloated collection of security point products, many of which overlap in terms of functionality. In fact, Cisco estimates that the average company today runs products from up to 50 different security vendors.
This inefficiency is a problem for stretched IT security departments who simply don’t have the resources to keep practitioners skilled in each vendor’s products. It also creates extra complexity and sizeable integration gaps which hackers are more than ready and able to exploit.
Taking the pressure off
So, what’s the answer? Well, certainly next-generation, AI-powered security products featuring a high degree of automation can help by taking the pressure off your human resources, freeing up IT security practitioners to work on more strategic tasks. Automation in IT security is already changing the kind of roles that are in demand, and will continue to help lessen the impact of industry skills shortages as it matures.
Channel partners have a vital role here in explaining the benefits of automated tools to end-user organisations. They can also help customers build more strategic partnerships with their vendors, helping to consolidate on fewer, but more platform-centric products. This will have a win-win effect as it reduces the number of products IT security staff must get trained on and it will close those gaps in cyber-defence that result from poorly integrated point products. A couple of decades ago the cybersecurity landscape was full of vendors selling point products but had relatively few platform-based solution providers. Today the likes of Cisco, Check Point, IBM and McAfee offer a huge range of integrated capabilities with centralised management from a user-friendly GUI.
Of course, there’s a balance to be had here. Yes, you need to consolidate, but many organisations may still want to invest in multiple vendor to mitigate the risk of single points of failure in their infrastructure. Once again, the channel partner has an important advisory role to play here, explaining which vendors to rationalise on.
The value of training
However, we can’t ignore the underlying skills challenge, and that’s where training comes in. To an extent, organisations are stuck in something of a Catch-22 when it comes to training. On the one hand it’s vital to keep practitioners up-to-speed with the technology they’re employed to administer. But there’s also a risk that, if an employer invests in training, then that employee will either demand more money or leave the company.
Despite the potential risk of both happening, the bigger picture here is that organisations which invest more in career development are generally repaid in greater loyalty. For resellers, formal training certifications are also essential as they’re one of the first things a prospective customer is likely to look for: they need the assurance yours is a team of experts. It’s no surprise that security was one of the most popular disciplines of interest to IT practitioners (30%) looking to take training last year, according to a recent Pearson VUE survey.
The changing face of training
As a value-added distributor, Tech Data offers training courses to both partners and end customers. But be aware that the market is changing. Formal certifications are still valued, but increasingly so too are less clearly defined skills. Some courses, for example, aim to teach security practitioners how to get inside the mind of a hacker, so that they are better able to defend their organisation.
For those that think they don’t have the budget, there is a huge variety of newer, online courses — encompassing everything from remotely delivered virtual classroom sessions to self-paced learning. The key is knowing where to begin, which is when it pays to find a trusted channel partner to help guide you through the online training minefield.
The government is moving in the right direction in efforts to address the long-term problem of cybersecurity skills shortages. Initiatives like the extra-curricular Cyber Discovery programme, grants to encourage universities to teach cyber-related courses, and a new Cyber Retraining Academy are all to be welcomed. But be in no doubt, this is a problem that will take a generation or more to fix.
In the meantime, there’s a great opportunity for channel organisations to become expert trusted partners for customers: by offering training to security practitioners, advising on products to alleviate skills shortages, and even in providing managed services when enterprises have chosen to outsource.
This is a challenge for the entire industry, but one that can be faced with confidence if we work together.