SecOps leaders are facing significant challenges in their roles, with two major issues standing out above the rest: the skills gap in the cybersecurity field and the difficulties associated with operating and investigating commonly used tools. The findings come from a recent report released by researchers at Command Zero, who conducted detailed interviews with cybersecurity professionals from 15 different industries to gather insights into the current landscape of cybersecurity.
Over the past 40 years, the researchers note that various technological innovations have marked waves of digital transformation, from the creation of the Internet to cloud computing. The latest wave of innovation now comes in the form of artificial intelligence (AI), offering numerous advantages but also presenting deep security challenges for organizations.
One of the primary challenges highlighted in the report is the skills shortage in cybersecurity, particularly in the area of cyber investigations. According to the researchers, cyber investigators need to meet extensive qualifications and possess specialized knowledge to effectively analyze data sources. However, the shortage of qualified professionals means that existing teams are stretched thin, leading to potential burnout, oversights, and a decrease in overall effectiveness in mitigating threats.
Moreover, the report points out the importance of continuous learning in a field that is constantly evolving, highlighting the challenges faced by teams that are in a perpetual state of firefighting due to the lack of staffing. The researchers emphasize the need for companies to invest in analysts and prioritize improving job satisfaction to reduce turnover and enhance talent retention.
In addition to the skills gap, the report also delves into the challenges associated with operating and investigating commonly used SecOps tools, such as endpoint and other detection and response (EDR/XDR), security information and event management (SIEM), and security orchestration, automation, and response (SOAR). While these tools are widely utilized by SOC and IR teams, they each present their own set of challenges for cybersecurity professionals.
For instance, EDR/XDR is considered the most relied upon investigation tool, but it has limitations when it comes to correlating network and cloud telemetry. SIEM, on the other hand, poses staffing costs for investigations, with many organizations struggling to integrate data sources into the system. The complexity of deploying and maintaining a SIEM also contributes to the challenges faced by teams, as specialized skills are required and training costs are significant.
Despite the utilization of these tools, none of them provide 100% coverage of all IT systems, leading to gaps in visibility and security. As a result, the researchers recommend that companies invest in training for security operations to address these gaps and enhance overall security posture.
Furthermore, the report sheds light on the staffing shortage versus job openings dilemma within the cybersecurity industry. While there is a high demand for qualified professionals, many organizations are struggling to find individuals with the necessary cross-disciplinary experience and capabilities in IT. This has created a competitive hiring landscape, with qualified candidates having multiple options and causing heavy turnover in the industry.
To address this issue, the researchers suggest that aspiring cybersecurity professionals look for internships and part-time roles while in school, or consider adjacent roles to gain relevant experience. They also emphasize the importance of continuous learning and investing in professional growth throughout one’s career, given the rapid pace at which cybersecurity evolves.
Overall, the challenges faced by SecOps leaders highlight the critical need for addressing the skills gap, improving the effectiveness of commonly used tools, and fostering a culture of continuous learning and development within the cybersecurity industry. By prioritizing these areas, organizations can enhance their cybersecurity capabilities and better protect against evolving threats in the digital landscape.