Analysis skills lacking as security data piles up, consultant warns

Organisations are able to collect more data about security breaches than ever but face an ironic challenge because most still lack the skills to effectively interpret and act upon that data, a security consultant has warned.

Despite years of investing in security information and event management (SIEM) tools to improve analysis of security data, C-suite leaders still haven't invested in the right staff to support the rapid growth in data volumes, Alexander Moss, US-based managing partner at security consultancy Conventus, told CSO Australia.

“The C-suite wants to be secure and compliant, and to manage their budget as best they can, and they are putting down governing rules to say that they've attempted to be secure,” he explained.

“We keep putting in all these new technologies – and the neat thing about software-based solutions is that they generate data. All this investment has created a monumental amount of data just sitting there in the background. A lot of it is garbage data, and a lot of it is important – and people are having a hard time differentiating between the two.”

C-suite leaders had not yet adjusted their hiring patterns and mindsets enough to compensate for the shift in demand, he warned.

As a result, IT leaders were still being relied upon not only to implement appropriate security solutions, but also to apply specialised data-analysis skills that they almost never actually have. Investments in correlation-based SIEM tools had been a comfortable middle ground for many, but increasing data volumes meant over-reliance on those relatively limited tools was often masking important security events and trends.

“The skill set in IT, and the people you typically have in IT – and particularly in IT security – are not data analysts and certainly not data scientists,” Moss said.

“In thinking that we have this wealth of data – and I would argue that IT security probably has more data than any other division in the organisation – we still don't have the talent to analyse, digest, and consume it to look for patterns and anomalies.”

That put IT-security practitioners on the opposite end of the scale from marketers – another data-hungry part of the business, filled with analysts who had long struggled to find ways to get enough data on their target markets.

“The biggest problem for them was getting that data,” Moss said. “IT has the data but we don't have the talent. It's not a knock on IT people – they're smart people – but it's a different discipline.”

Fixing this discrepancy would require business executives to shift their investment from simply pushing IT leaders to implement security tools, to adapting recruitment and training initiatives in a way that allowed organisations to broaden their definition of what an IT security professional should be able to do.

“Hopefully what we'll see is that more and more companies are going to invest in hiring talent,” Moss explained, noting that some of Conventus' largest clients were only starting to take the psychological step towards sourcing broader analytical skills.

“They'll be saying that we don't need an IT security expert – we need someone that is truly a data analysis expert. This will be someone whose job is not necessarily to understand the minutiae of the data, but their job is to interpret and understand trends or anomalies in that data. This requires digesting data from a data analysis standpoint, and not from a traditional correlation perspective.”


Stories by David Braue
