Introduction
I saw this picture the other day and it struck me as the perfectexplanation of why it’s so hard to find the “right stuff” when it comes tohiring cyber security talent. The actual image that got me thinking about thedearth of talent, however, was shared privately. OpSec being what it is Ididn’t want to re-post pictures of friends of friends, so I did the next bestthing. Instead I found a suitable meme image (below).I’ll get back to the image in a moment.
The Cyber Security Sector is Growing
The US Bureau of Labor Statistics (BLS) just published a new Occupational Outlook Handbook last December. They projectthat the ranks of Information Security Analysts will grow by 18% by 2025.This is well faster than the baseline growth rate of 7%, andshould amount to some 82,900 more Black Hat attendees by 2025.
I want to applaud the BLS for the way they artfully and correctly dodgedthe question of how to define the “Information Security Analyst”. To quote:
“Information security analysts plan and carry out security measures toprotect an organization’s computer networks and systems. Theirresponsibilities are continually expanding as the number of cyberattacksincreases.”
It is clear to me that they really did study the field carefully beforewriting that description.
Of those 82,900 new jobs, many will be entry level. However, a significantportion will need to be staffed by highly skilled experts in the field. I’mtalking about operators who have experienced that moment of vertigo thataccompanies the discovery of the smoking gun that clearly shows that you arewell and truly pwned. I’m talking about that level of talent and experiencewhere the researcher or analyst seems able to smell malicious activity in andamongst Internet background radiation. I’m talking about folks who appear toread pcap files at wire-speed. Either way, it comes down to a strong aptitudefor detecting patterns, and a good history of patterns to match against.
Pattern Matching
As much as we may hate to admit it. The operational nature of securitytoday is all about detecting anomalous patterns and resolving theanomalies or correcting the detector. The challenge is being able to seethe forest from the trees. It’s easy to dismiss a single strange packet, butwhat about a single strange packet once per day?
Let’s get back to that image. If you know your 70’s classic rock musicthis one is easy. The song that would be going through your head is TakeIt Easy by the Eagles. That’s a statue of Don Henly “Standin’ on thecorner in Winslow Arizona”, and a reflection of a flat-bed Ford in thewindow. If everyone learned the same way and had the same approach todetecting patterns, this might be an easy problem to solve. Exposing upand coming security operators to a diverse set of experience is the easypart. What I want to know is how do we improve the process of finding andattracting the folks who are really good a detecting patterns?
Conclusion
As an industry we need the whole spectrum of talent. The grand mastersand newbies, the suits and the black t-shirts. Gender, ethnicity,socioeconomic background are all critical. The more diverse your team is,the more patterns you will have on file and approaches to patternmatching you will have at your disposal. Diversity itself is not enough.To have a true rock-star team they all must work well together. If yourpeople aren’t getting excited about discoveries and sharing them withtheir peers seeking a wider insight, then what you have there is a reallyexpensive ping pong team. With that in mind, the question I leave you with isthis: how do we find and nurture the future security experts industry soclearly needs?
Ben April is the Director of Engineering for Farsight Security, Inc.
Heading
