To Improve Security, We Must Focus on Its People

  /     /     /  
Publicated : 23/11/2024   Category : security


To Improve Security, We Must Focus on Its People


New technology can help cybersecurity bridge the talent gap, but tech wont do much without people to operate it.



RSA CONFERENCE 2019 – San Francisco –Its no secret cybersecurity has a people problem. Businesses struggle to find and retain talent, and theyre competing to hire the most skilled professionals. Still, burnout puts them at risk of losing those valuable employees.
The industry will be short an estimated 3 million people within the next two years, said Ann Johnson, Microsoft corporate vice president of cybersecurity, in her RSA Conference keynote. Seventy percent of IT employers say they face a moderate to extreme shortage in IT experts.
Whats more, she continued, work-related stress is causing 66% of IT professionals to seek employment elsewhere. Of those, 51% would take a pay cut in exchange for less stressful work. Technology can help solve these problems, but not if we dont improve the focus on people.
We must come together as an industry to address the major gaps we have, said Johnson, noting how in addition to growing its talent pool, cybersecurity is challenged to diversify it as well. If we do nothing to address these gaps, it will impact every single one of us in our everyday lives. We have the skills, we have the technology ... we must have the will.
Diversity and inclusivity go beyond gender, ethnicity, and race, she added, and security will benefit if we encourage additional ideas, capabilities, and backgrounds to help solve industrywide problems. Educational background, social background, theres a lot of things that make up diversity, Johnson explained in an interview with Dark Reading.
We must focus on the power of people to improve security, she continued, pointing to initiatives inside and outside Microsoft to bring more people and skills into the industry. As part of the Security Advisor Alliance, for example, the company partners with junior-high and high-school students to educate them on security principles, capture-the-flag exercises, and employment.
Another example is the Microsoft Cybersecurity Professional Program, which teaches students 10 skills over 10 courses ranging from Enterprise Security Fundamentals, to PowerShell Security, to Microsoft Azure Security Services. Johnson also spoke about the Microsoft Academy for College Hires (MACH), which pairs undergrad and MBA students with employees to train them in various disciplines; Johnson noted some worked with her incident response team.
Working with students has taught valuable lessons in how future generations will learn, she said. In working with middle- and high-schoolers, for instance, experts found games helped engage students. Gamification is important; making it fun is important, she added. Gen Z is truly digital native and prefer instant communication.
Johnson also emphasized the importance of bringing new skills into the industry. Businesses have a fixed mindset around the type of people they want enrolled, she noted. Cybersecurity job descriptions demand a STEM degree, three years of coding, and other technical qualities.
Were not going to solve for our talent shortage if we only hire the person who fits this tiny, tiny little profile, she said. Businesses have to think differently about how they bring people in cyber.
Mental Health: Its Time to Talk About It
If security jobs remain unfilled, defenders will burn out, Johnson warned. These folks are first responders, but we dont treat them like that. Security pros in different parts of an organization may be working around the clock when an event strikes or have to fly somewhere with little notice to help with incident response.
For CISOs and their teams, the stress level is always high, she added. If we want to empower people and amplify human capacity, we must consider the mental health of first-line defenders, she said. Mounting stress on defenders leads to more mistakes the longer an attack goes on.
Microsoft recently conducted its first personal resilience training, a program designed to train people on how to handle stressful environments, which received a positive response among participants, she added. We must protect the mental health of our cyber defenders, Johnson said.
Related Content:
Meet the New Public-Interest Cybersecurity Technologist
Its Time to Rethink Your Vendor Questionnaire
CrowdStrike Debuts Mobile Threat Detection System at RSA Conference
6 Tips for Getting the Most from Your VPN
 
 
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
To Improve Security, We Must Focus on Its People