As cyber attacks increase in volume and variety, there is a dire shortage in the skillsets available to combat them. Of the roughly one million cyber security positions in the U.S., more than 300,000 are currently unfilled, according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education.
The talent gap has become especially urgent among government agencies, so much so that President Donald Trump recently signed an executive order to improve the government’s cyber security workforce. It includes measures such as rotational assignments and new training and mentoring programs.
Most organizations, both public and private, are already struggling just to maintain security programs in today’s ever-changing attack landscape. Cyber security professionals are juggling the need to: prevent threats; integrate security technologies; train staff and users; troubleshoot issues; work on one-off projects; and stay up-to-date on the threat landscape. If a cyber incident occurs, this mass of responsibilities gets put to the side.
For government agencies, these challenges are compounded by strict hiring practices – multiple layers of security clearances – and not being able to match the cyber security salaries paid by private-sector tech companies.
Even a federal program that offers incentives to fill cyber security gaps within agencies is falling flat. The General Administration Office reports that less than 6 percent of federal employees are taking advantage of bonus payments for special training, student loan repayments, or recruitment of security talent, for example.
These staffing and skills challenges have a knock-on effect, in that they:
- Heighten the risk of not being able to keep pace with threat intelligence and quickly recover should the agency suffer an incident or breach.
- Put extra strain on existing teams, which can have an adverse effect on job satisfaction and work quality.
There is no such thing as waiting out this cyber security skillset crisis. Government agencies need a backup plan. Or rather, backup support staff.
A New Way to Address the Talent Gap
Most organizations need to tap technology contractors at one point or another. It may be for one project, role or program, with the purpose being to help bridge a gap.
So, why not apply the same model to cyber security staffing?
Expertise On Demand can be that bridge, giving government agencies access to knowledge and skills when and where they need them. It is an annual subscription that provides access to FireEye services and threat intelligence within a flexible consumption model.
In a recent podcast, Gareth Maclachlan, FireEye VP of Strategy and Product Management, used some excellent language to describe it: Expertise On Demand backstops the team you already have. We’re in the virtual cube next door that can be used as an extension of your own team.
Expertise On Demand taps not only people, but also dataset knowledge to offer government agencies whatever expertise they need, when they need it, including:
- Analyst expertise. Need a threat hunting analyst or an incident responder? Enhance existing security operations by providing side-by-side access to specific threat insights and security skills, including malware reverse engineer, simulation attack specialist, security threat protection analyst, and more.
- Threat insight. Need knowledge of a specific type of malware, adversary, or geopolitical incident? Increase situational awareness without having to develop an internal threat intelligence analysis capability, while keeping pace with the evolving threat landscape.
- Operational excellence. Upskill teams and transform security programs with expert training from elite FireEye security practitioners.
Another benefit of the Expertise On Demand flexible consumption model is having access to surge capacity, which enables agencies to scale up or down as needs change. For example, FireEye’s incident response team is rapidly enlisted should a breach occur.
Reduce Risk and Burden
Like all organizations struggling with the cyber security talent gap, government agencies are typically understaffed and overburdened. There is rarely time to stay current with the latest attack vectors. By subscribing to Expertise On Demand, the risks associated with a lack of in-house skillsets are reduced.
Whether a security team is a single person or a large operation, FireEye can provide the Expertise On Demand that complements and completes that security team, helping to provide the world-class security that agencies deserve.
Check out the FireEye Expertise On Demand page for more information.