Year in review 2014

How an acute shortage of cyber talent gave rise to 'spooks as a service'

At the RSA Security Conference last year, companies large and small were trumpeting the spy agency connections of senior staff as never before. Startups in areas like 'threat intelligence' and endpoint protection touted their executives' experience at three-letter agencies as a precursor to conversations about the scourge of advanced threats and attacks.

Yet the big story about cyber talent that emerged in 2014 — at the RSA Security Conference and elsewhere - was of scarcity rather than abundance. Finding experts with experience identifying and analyzing sophisticated cyber threats is a herculean task. Hiring them is even harder, and few organizations can afford an internal team of cyber forensic experts to stand at the ready.

In its Annual Security Report for 2014 (reg required), Cisco Systems found that problem of sophisticated and stealthy compromises is exacerbated by a shortage of more than one million security professionals worldwide. "Most organizations do not have the people or the systems to continuously monitor extended networks and detect infiltrations, and then apply protections, in a timely and effective manner," according to the report.

"The number one issue I hear is 'we can't find the people,'" said Mike Rothman, an analyst at the firm Securosis. "And I'm talking about guys who can configure IPS (intrusion prevention system) boxes, not malware analysis," Rothman said. He was speaking on a panel discussion focused on incident response at an event hosted by the investment-banking firm Americas Growth Capital.

To continue reading this article register now