Trend Micro takes multi-pronged approach to narrowing the gaping cybersecurity skills gap

By Byron V. Acohido

Remember the old adage, you can never be too thin or too rich? The software development world has its own take on that dictum—you can never be too fast.

Business demand dictates a frenetic pace for delivering new and better technology. To perfect the process, more organizations are taking a DevOps approach—melding software development and software operations simultaneously. The result is greater productivity, standardization, innovation and the ability to scale up.

But the downside of accelerating technical updates to market is the inadvertent creation of new loopholes for cyber attackers to plunder. Just as fabric is weakest at the seams, an organization’s processes are most vulnerable where they connect.

Businesses are then faced with the added pressure of having to add more, and layered, security measures across everything from endpoints to networks and even the cloud.

Meanwhile, the shortage of professionals with cybersecurity skills has long been identified as an industry problem that’s only getting more dire. It’s estimated that 1 million to 2 million positions will go unfilled over the next couple of years. Implementing a DevOps culture is worsening that skills gap by adding fresh security demands, further tapping the already-shallow talent pool. However, DevOps and cybersecurity efforts aren’t necessarily at odds.

I had a chance to speak with Mark Nunnikhoven, Trend Micro’s Vice President for Cloud Research, at Black Hat USA 2018. Trend Micro is a global leader in security solutions celebrating its third decade in business this year. We discussed DevOps and the cyber skills gap and some of the ways Trend Micro is helping bridge this chasm. For a full run-through of our conversation, please listen to the accompanying podcast. Here are a few major takeaways:

Silos must be dismantled

Barriers between software developers and IT operations must be broken down. Balancing speed with security should always be a high priority; organizations can no longer afford to take a piecemeal approach. Instead, collaboration and integration among teams is needed to simplify defense.

Don’t count on more warm bodies

Throwing more humans at the problem is not an effective solution, nor is it possible in the midst of a cyber worker shortage. As security problems morph, there will never be enough people to adequately address new breach scenarios.

New job description

A cybersecurity professional’s role must be redefined as that of a teacher, sharing knowledge with others in the organization about how best to make informed decisions to achieve the common goal of enhanced security.

Nunnikhoven is adamant that training people, teaching DevOps and other teams throughout an organization how to do security work is what’s needed. “It really is everyone’s responsibility,” he said.

Real-world approach

Trend Micro takes a multipronged path to meeting these needs. It operates five education centers around the world offering six-week, intensive training programs, ultimately putting about 200 new workers in cyber jobs per quarter. Trend Micro also holds 20 Capture the Flag events around the world, providing another source of training and talent for companies seeking skilled workers.

More automation is needed on the product and technology side of things, Nunnikhoven said. Increasingly technical solutions, such as machine learning, must be employed for security control. The collaboration that’s inherent in DevOps methodology must be tapped to bridge the divide that up to now has been pervasive among an organization’s various teams.

Blended solutions


“There’s no one thing that’s going to solve the people side. We’re trying to make sure when a human needs to be involved in something that it’s actually really important and deserves a human’s attention,” Nunnikhoven said. “The rest of the stuff is delegated out to systems and security controls. Let the computers and systems take a lot of the grunt work away from us. No one thing will solve this (skills gap).”

“Security can be integrated into everything and is not a burden, but a way to speed up everything you want to do,” Nunnikhoven said.

In a somewhat illogical twist, more intelligently deployed humans, along with more automation, will ensure that fewer bodies will be needed in the long run to maximize security.

Today, encouraging efforts are underway to get more people involved in cybersecurity, and to get more girls and women involved in STEM and IT and security. Nunnikhoven sees the old guard of security beginning to shift, with technologies integrating throughout to further an enterprise’s efforts.

Organizations will do their best by aligning people toward a common goal.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

Last Watchdog’s Denise Szott contributed to this report.

(Editor’s note: LW has supplied consulting services to Trend Micro)
