How Gamers Could Save the Cybersecurity Skills Gap

  /     /     /  
Publicated : 22/11/2024   Category : security


How Gamers Could Save the Cybersecurity Skills Gap


McAfee shares its firsthand experience on training in-house cybersecurity pros and publishes new data on how other organizations deal with filling security jobs.



Grant Bourzikas, McAfees chief information security officer (CISO), swears by gamification as one of the key ways to invest in and retain security talent. Its a strategy his own company has adopted in building out its security operations center in the wake of its spin-off from Intel, and new data from a study by Vanson Bourne on behalf of McAfee found that nearly three-fourths of organizations believe hiring experienced video gamers is a solid option for filling cybersecurity skills and jobs in their organizations.
Since much of the challenge of staffing a stable and successful security operations center (SOC) is retaining talent, the happier and more skilled the staffers, the better they operate and the longer they stay, according to the study, which polled 950 cybersecurity managers and professionals in organizations with 500 or more employees in the US, UK, Germany, France, Singapore, Australia, and Japan.
Some 54% of security pros who say they are extremely satisfied in their jobs engage in capture-the-flag games one or more times a year; 14% of pros who are unhappy in their jobs participate in those exercises.
Bourzikas says McAfee hosts tabletop exercises for its staff every two weeks, as well as monthly red exercises. Gamification, I think, is about how I get people to think about the bigger picture of their day-to-day security tasks, he says. People that are new to cybersecurity want to focus on the shiny new threats and attacks and attack vectors. Most dont like [just] doing the basic operations stuff.
Gaming exercises help security pros improve and hone their skills, he says, and McAfee offers them to all levels of SOC staffers, for instance. It gets them to think differently about the problem, he says. On the gamer side, they can learn from their mistakes, how to beat [their] opponent.
As part of McAfees tabletop exercises, the participants learn to understand the type of a breach and what to do when it hits, for example. Its a way to think about present conditions and coming up with new ways to add to the playbook, he says. How do we understand and challenge the assumptions we have today?
Some 52% of the organizations in the survey say they experience turnover of their full staff on a yearly basis. Nearly 85% find it difficult to get the talent they need, yet 31% say they dont actively work to attract new blood.
My view is that its more of a skills shortage than a people shortage, Bourzikas says. Its critical to have a talent program for attracting, retaining, and developing people, he says. How do you give people who come in a career path where they feel rewarded and feel they are compensated and taken care of?
In 
McAfees new study
, close to 90% of security pros said they would consider leaving their jobs and going elsewhere with the right incentives, while 35% say they are extremely satisfied and staying put.
According to Dark Readings 
Surviving the IT Security Skills Shortage
 survey last year, more than half of organizations claim to have some highly skilled staffers but also have some who need a lot more training. Fewer than one in four say their teams are well trained and up to date on the latest technologies and threats, according to the report.
Automation
Automating mundane SOC and other security tasks is the Holy Grail, of course. More than 80% say automation would make security defenses work better. Bourzikas points to the promise of machine learning, neural networks, artificial intelligence, and human-machine teaming as the key to happier security pros and more-secure organizations. If we can automate those mundane tasks we face, then we can focus on the rest of it, he says.
Bill Woods, director of information security for McAfees converged physical and cybersecurity operations, says theres still no such thing as a perfectly secure system.
You have to accept the fact that you are never going to have impenetrable systems. Its always going to be a game of chess. The opposer is always going to be making moves, some of which will hurt you, he says. Its always going to be a battle. But that is what keeps the job interesting.
Related Content:
Nearly Half of Cybersecurity Pros Solicited Weekly by Recruiters
Best Practices for Recruiting & Retaining Women in Security
Death of the Tier 1 SOC Analyst
CISOs No. 1 Concern in 2018: The Talent Gap
Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the
security track here
. Register with Promo Code DR200 and save $200.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
How Gamers Could Save the Cybersecurity Skills Gap