We Can’t Hire Our Way Out

A few days ago we wrote a post about a research project Phantom just finished with the Enterprise Strategy Group (ESG) where we surveyed IT and cybersecurity professionals with knowledge of or responsibility for incident response processes and technologies at their organizations  (Download the full report).

Russell shared his take on a topic in the report that he thought was interesting: why Incident Response has become more difficult over the past two years.  Today, I’ll share another insight from the report that relates to the talent shortage we see in security (We’ve blogged about this topic in the past as well).

We asked participants in our research project what actions with regards to incident response they will take over the next two years?

ESG_palnned actions for IR

Let’s start at the bottom of the list.  Hiring more people is certainly one approach to deal with a growing problem, though in security this is a tough proposition.  There is much discussion on the global shortage of information security professionals with some estimates topping out at over a million jobs in 2016 alone, and others claiming even double that by 2017.  So as much as we might like to hire our way out of this problem, we might not be able to find the qualified candidates when we need them.

Two of the remaining responses relate to training the team you already have in place.  It’s hard to argue with developing employees.  It’s a great investment on many levels.  The reality is that your competitors recognize this as well.  I’m certain you’ve trained someone only to have them poached for a better opportunity.  We all have seen this happen.  So training is necessary and wise, but still somewhat fleeting on it’s own.

That leaves us with automation, where a third of the respondents indicated they planned to automate as much as possible in the next 2 years.  It actually can address the talent shortage by helping your team get more from less.  It also plays a role in training.  We have clients that view platforms like Phantom as a common environment to share knowledge across the team and develop more junior employees into seasoned pros.

If you are Interested in seeing how Phantom can help your organization address challenges like those identified in the research project, get the free Phantom Community Edition, and attend one of our Tech Sessions.

CP Morey
VP, Products & Marketing
Phantom

About Phantom

Phantom, an award-winning company, automates and orchestrates key stages of security operations from prevention to triage and resolution; delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger; Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit: www.phantom.us.