The Cybersecurity Skills Shortage is 50% Worse Than We Believe
The mainstream analysis is seriously flawed
A shortage of nearly three million: This number may seem abstract,
but it’s having a real-world impact on companies and on the people who are responsible for their cybersecurity. According to the [ISC2] survey, 63% of respondents report that their organizations have a shortage of IT staff dedicated to cybersecurity.
“Cybersecurity Professionals Focus on Developing New Skills as Workforce Gap Widens.” (2018)
ISC2 has just released its study, “Cybersecurity Professionals Focus on Developing New Skills as Workforce Gap Widens.” Unfortunately, it makes the same mistake so many studies have made over the years. While its methodology is more expansive by looking at the unfilled current and projected openings in the cybersecurity, it misses looking at the position descriptions themselves.
THE FAULT: Current cybersecurity positions are looking for 2-3 cybersecurity professionals within a single position. They seek widely disparate skill sets, experiences, hard and soft skills requirements, etc., that increase the REAL skill gap by at least 50%.
Here’s why
This is an excerpt from my original article, “More Unicorn Jobs?!” (July 17, 2017.)
Here is an example of what I find fascinating when I talk to recruiters about cybersecurity and intelligence positions like this. (See the actual job description below). My guess, since this is a mid-level position, it will be no more than $120K. “Sorry “son,” the labor category will only support us offering you no more than….”
The”unicorn” mentality has to be couched in a lot more common sense. If you, the recruiter are frustrated trying to find the right candidate, how do you think we feel?
Here is the position description that lead me to the conclusion that the statistical and predictive analytics has not dug down far enough. This is an actual position I received in 2017, and as I look at other positions sent to me from recruiters, I can reasonably state: “it’s bad and getting worse” for hiring managers, HR professionals, and especially for cybersecurity specialists and professionals alike.
Enjoy:
THE ULTIMATE UNICORN POSITION:
Cyber Analysis Support Specialist (Mid-Level)
Overview: This effort requires personnel who can research, analyze, and report on computer network probes/attacks, trends, and hacker tools and techniques to produce indications and warning reports on impending network attacks against U.S. Defense and national infrastructure systems. In addition, personnel must be able to analyze network nodes (people and groups) and characterize linkages that show the relationships or flows between nodes.
- Responsibilities:Performing tasks associated with the SIGINT and/or other intelligence disciplines’ production cycle, including researching, tasking, analysis, reporting, assessing, and interacting with customers.
- Analyzing and assessing technical and operational vulnerabilities in U.S./DoD or foreign current or emerging technologies or operations, and determining risk to U.S. networks of interest posed by adversarial systems, activities or operations.
- Analyzing all-source intelligence data, identifying critical threat information, researching historical threat reporting, and crafting assessments in support of customer information needs.
- Performing all-source research to identify and report on the intentions and capabilities of adversaries, state and non-state sponsored, to threaten, exploit or otherwise disrupt networks of interest to the U.S. and its allies.
- Assisting with the development of databases and other knowledge repositories on adversary information warfare and hacker capabilities, intentions and supporting infrastructures.
- Compiling and correlating data sets to determine levels of threats and vulnerabilities to U.S. network systems.
- Producing threat/vulnerability assessments.
- Performing risk and opportunity assessments through synthesis of information across intelligence disciplines and open-source information.
- Supporting customer efforts to partner with other organizations on the identification of vulnerabilities and corresponding threats with the goal of influencing mitigation strategies and solutions.
- Researching and analyzing data using available and appropriate analytic tools.
- Assisting technical personnel in developing automated analytic tools by providing specific information about adversary targets and techniques.
- Developing end-product report drafts and entering them into report production systems.
- Assisting in the evaluation and staffing of Information Needs (IN); interacting with customers, other production elements and data acquisition offices in order to meet customer needs.
- Scheduling meetings, analytic exchanges, organizing data and providing threat analysis support to branch and division-level managers.
- Participating in team building research efforts, sharing analytical techniques and research methodologies.
- Contributing to knowledge management by entering sources and analytic findings into appropriate databases and other repositories on a timely basis.
- Meeting customers’ delivery deadlines and satisfying customer expectations for accuracy and completeness.
- Documenting reports and customer feedback in local Request for Information (RFI) tracking databases and other recording systems.
- Identifying adversary presence in the Internet and using visualization tools to map the information systems, networks and major servers they use.
- Using research and analytic findings to identify network associations and map them in diagram/topology presentations.
- Performing baseline and secondary analysis and providing visualization support by using Analyst Notebook and NetViz or other visualization tools.
- Making recommendations for additional collection possibilities when and where possible.
- Conducting and tracking behavior analysis and characterization of adversary decision processes, their technological dependencies and social network connections.
- Documenting all research and analysis using standard document and network mapping tools.
And Even More…
Qualifications: *All Candidates must have a TS/SCI clearance with a CI Polygraph (or Full Scope)
- Shall have a minimum of six (6) continuous years of work experience in intelligence analysis or a related field, or a combination of a minimum of three (3) continuous years of work experience in intelligence analysis or a related field and a Bachelor’s degree in an applicable (math, science, computers, engineering) field.
- Work experience shall include three (3) years of IC or related experience in intelligence analysis.
- Shall have demonstrated competence with relevant Computer Network Operations (CNO) and SIGINT tools and databases used for the customer mission, and communications skills that include the ability to provide formal documentation of analysis and/or research results.
- Shall be considered a SME in one or more fields appropriate to Intelligence Analysis or Computer Networking technologies, and be able to serve as a SME for working groups and meetings with partner organizations/agencies.
- Shall have demonstrated expertise in analyzing intelligence information and technical data, analyzing exploitation opportunities, documenting information and processes, gathering intelligence information, interpreting analytical results, performing Internet research, writing and editing skills at a technical/professional level, and managing internal and external customer relations.
- Shall be an effective writer and verbal communicator.
Yup, and a wide array of Intelligence Community Toolsets…
Required Tools : ANCHORY/MAUI, MARINA/YACHTSHOP, PATHFINDER, PINWALE/UIS, XKEYSCORE
Preferred Tools : BANYAN, CADENCE, CROSSBONES, FASCIA, MAINWAY, TUNINGFORK, TRICKLER, UTT
….and this passes for a coherent Position Description?
101 Great Answers to the Toughest Interview Questions, 25th Anniversary Edition Paperback – February 22, 2016
by Ron Fry
Dr. Russo is currently the Senior Data Scientist with Cybersenetinel AI in Washington, DC. He is a former Senior Information Security Engineer within the Department of Defense’s (DOD) F-35 Joint Strike Fighter program. He has an extensive background in cybersecurity and is an expert in the Risk Management Framework (RMF) and DOD Instruction 8510, which implement RMF throughout the DOD and the federal government. He holds a Certified Information Systems Security Professional (CISSP) certification and a CISSP in information security architecture (ISSAP). He has a 2017 Chief Information Security Officer (CISO) certification from the National Defense University, Washington, DC. Dr. Russo retired from the US Army Reserves in 2012 as a Senior Intelligence Officer.