A new Ernst & Young survey found that companies are willing to spend more money on security for their networks and the devices that connect to them. That’s the good news.
The bad news is that the survey respondents worry that they won’t be able to hire well-trained security professionals to handle the upgraded security systems. As eWeek explained, organizations feel their business’ security is hampered by the inability to hire skilled workers:
About 52 percent of the more than 1,800 organizations surveyed expect security budgets to increase, compared to 43 percent whose budgets will remain unchanged. More than half of firms identified the lack of skilled professionals as a major reason for their inability to bolster system security, according to the survey.
The survey confirmed what others in the security world have been discussing for a long time – as security threats rise, the lack of skilled security professionals continues at a pretty steady pace. And as I discovered this past spring, it isn’t just the lack of skilled professionals available, it is also the unwillingness of many companies to bring in someone without experience.
Perhaps the time has come to rethink the approach to security training. While there will always be a need for security professionals, an IBM employee is refocusing training by teaching computer science students to build security into their applications. In an eSecurity Planet article, Marisa Viveros, IBM’s VP of Cyber Security Innovation, explained how she has restructured some focus on security training on a university level. The article stated:
There is a lot of work going on in universities today in research efforts to help extend the ability of defenders to protect networks, she said.
Students in the IBM program are building honeypots in order to better understand the way hackers operate. Doing so allows students to be more hands on with the cybersecurity of their own university’s infrastructure.
Viveros’ approach tackles two primary complaints within the security industry: One is that applications haven’t been designed to handle security (a concern that we may see crop up more within the Internet of Things), and the other is that those graduating with security-related degrees don’t have real-world experience. Teaching software designers how to build security into their products and applications and teaching security students with hands-on learning opportunities could be the first step in changing how we think about securing enterprise networks and who is hired to provide that security.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba