GUEST ESSAY: What it will take to train the next generation of cybersecurity analysts

By Gary S. Mullen

It is no secret that there is, and has been for some time, a shortage of trained cyber security professionals in corporate IT Security teams.  The Wharton School of the University of Pennsylvania observed that “nowhere is the workforce-skills gap more pronounced than in cybersecurity.”

Related: Deploying ‘human’ sensors’

According to data gathered by CyberSeek under a Commerce Department grant, there are currently nearly 465,000 unfilled cyber jobs across the US alone.  This shortage is significantly impacting corporate America, and it is particularly dire across federal, state and local governments.

The cyber security talent crunch has been a growing issue for many years now.  According to the 2019/2020 Official Annual Cyber Security Jobs Report sponsored by the Herjavec Group, the number of open cyber security positions has grown 350 percent from 2013 to 2021.  Cybersecurity Ventures predicts that there will be 3.5 million unfilled cyber security jobs globally by 2021.

Unfortunately, getting the hands-on experience needed to become a cyber security analyst is out of reach of many today.  In 95% of the hiring decisions being made for open positions, employers are looking for that hands on experience.

According to MIT Technology Review, fewer than one in four candidates applying for cyber security positions are qualified.

Mullen

Universities and community colleges simply do not have the capability to provide this threat hunting experience, making it difficult for graduates and certificate holders to secure employment, even at the entry level. And every IT position today has some IT Security component.

Every IT worker should be in the fight to protect corporate assets from cyber attacks.  “Unfortunately the pipeline of security talent isn’t where it needs to be to help curb the cybercrime epidemic,” says Robert Herjavec, founder and CEO at Herjavec Group. “Until we can rectify the quality of education and training that our new cyber experts receive, we will continue to be outpaced by the Black Hats.”

Growing need

The “Sandhill Road Effect”  — the continued investment in a glut of isolated, point security solutions —  is putting a strain on IT Security resources today.  Tools are siloed – they don’t share threat intelligence with other security tools – and require additional resources, training, and infrastructure to manage them and analyze the data from those tools to develop an aggregate view of their security risk. This additional data analysis need further strains limited IT security resources.

It is clear that the security industry is not resourced to fight hackers or AI-powered exploits.  While most cyber security vendors are focused on point products, PhishCloud and Four18 Intelligence are training the next generation of cyber security analysts!

PhishCloud and Four18 Intelligence are partnering together to level the playing field, making it possible for people from all backgrounds and locales to compete for jobs as cyber security analysts!

FOUR18’s TradeCraft Cyber threat Analyst Training and Live Internship Program, powered by PhishCloud and the FOURSight platform, combines up-to-date training in attacker tradecraft and attack campaigns with real-time coaching and analytics tools in a live threat data internship in FOURSight to develop hands-on skills of new cyber analysts and incumbent front-line critical infrastructure workers.

Fostering tradecraft

Having completed an inaugural pilot of the service in the first half of 2021, the partners successfully trained and placed more than 80% of a class of beginner analysts from rural Appalachia in Eastern Kentucky into their first jobs as remote cyber analysts.

PhishCloud and FOUR18 are now delivering the TradeCraft program as a standalone program to workforce boards or as a bolt-on to a college cyber training/certification program and to employers looking to hire, develop and retain skilled cyber talent.

PhishCloud founder and CEO, Terry McCorkle stated, “the resources gap within IT has reached a critical state, requiring cyber security vendors to get involved in solving an industry problem.”  FOUR18 founder and CEO, Mark Jaster added, “the partnership with PhishCloud enables us to offer an experience that is unmatched in cyber training and skill development.”

About the essayst: Gary S. Mullen is chief marketing officer at PhishCloud, a Seattle, Wash.-based supplier of comprehensive cybersecurity training services.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone