Data breaches are earning front-page headlines on a near-daily basis, yet many companies across industries are struggling to obtain the security skills they need to functionally combat the ever-increasing threat of attack.
What is accounting for this schism? Clearly there is an overwhelming demand for talented security professionals, yet organizations remain mired in a game of whack-a-mole when it comes to fighting off their adversaries. The workforce shortage often is thought to be most prominent at the government level, but manufacturing, financial services, health care and retail all are experiencing serious gaps.
The main reason for the talent shortage is a lack of trained and educated professionals. Many colleges and universities are beginning to offer more specialized programs - industry and government have embarked on new initiatives as well - but there is still a lot of catching up to do until supply overtakes the demand.
So how can organizations overcome this shortage? It might be easier than we think: Simply decrease the demand. That can be accomplished by developers building more resilient applications and computer systems, thus significantly reducing the attack surface.
Of course, attackers only need a single vulnerability - so breaches never will fully cease. As such, companies that offload their security preparation and response to a managed security services provider (MSSP) can effectually offset their need for more skilled workers.
Under such an arrangement, they wouldn't need to install and manage technologies themselves, retain and train staff to run and configure potentially complex systems, or worry about aging levels of protection. They can instead focus on their personal priorities and core competencies, and work on filling other gaps not related to security.
Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.