The following is a Q&A with Ron Winward. Ron is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cyber security service providers around the world.
Behind every new hack or data breach, there’s a company scrambling to put out the fire. That’s good news for cyber security professionals with the right skills. However, between shortages in qualified security professionals, evolving attack vectors, and new DDoS mitigation capabilities and deployment models, organizations looking to safeguard themselves can be left in a difficult position when it comes to finding the best talent, whether it be in-house or outsourced.
What skill sets are necessary for the 21st century security professional? How is automation affecting the role of security professionals? Where should organizations look to find the best talent? This piece answers all those questions and more.
Seeing that cyber-security solutions are becoming increasingly automated, what will be the role and what skill sets will be required for the next generation of security experts?
It’s a case of fighting fire with fire. As threats have become increasingly dynamic and automated, DDoS detection and mitigation solutions are rising to the challenge with their own increase in automation and adaptability. According to Radware’s Cyber-Security Perceptions and Realities: A View from the C-Suite report, 38% of IT executives throughout the United States and Europe indicate that automated security systems – such as machine learning and AI – will be the primary resource for maintaining cyber security within the next two years.
But it presents a catch-22 for the next-generation security professional. As a security professional, when you’re increasingly relying on automation to defend the network, you’re not “practicing” or fine tuning your skill sets. The DDoS mitigation solution is doing a lot of the heavy lifting and the network security professional is receiving and digesting reports. This can create a void in skill sets due to lack of “practice.”
There will always be times when a network security professional will have to “jump in” and manually tune or configure a policy or setting. In addition, professionals need to stay abreast of rapidly emerging attack vectors, hackers’ trends and newfangled mitigation capabilities.
The next generation of cyber security professional will become an “orchestrator,” responsible for monitoring and managing an integrated suite of DDoS solutions that form a comprehensive, hybrid system for the organization. Necessary skill sets will include attack signature recognition, policy generation, configurations, vulnerability mapping, attack forensics, etc.
To supplement these skill sets and allow security professionals to stay abreast of the threat landscape and provide assistance when she or he has to “jump in,” partnering with a DDoS mitigation vendor that provides 24/7 security services via a team of experts will be increasingly important. With the threat landscape and DDoS mitigation capabilities evolving and expanding so rapidly, it’s difficult for any one organization to have all the necessary in-house expertise when the time calls for it.
Has the rise of IoT devices and botnets impacted the skills required for security professionals?
Absolutely. Given the sheer volume that an IoT botnet can unleash, it means security professionals have to react to new threats immediately. Attack signature recognition and comprehension gain increased importance. Botnet-based attacks underscore the fact that it is incredibly difficult for security professionals to comprehend the full threat landscape.
Take Mirai for example, considered by most to be the first open source botnet. It’s a double-edged sword. On one hand, it provides security professionals with the ability to study the underlying code, dissect the botnet and therefore develop new countermeasures. However, it also allows hackers to manufacture new versions for nefarious purposes, thereby expanding the threat landscape exponentially.
As is always the case, knowledge is power. It’s critical that cyber security professionals stay abreast of these threats via the resources that experts and industry leaders provide.
According to many reports, over the next five years there will be a significant shortage in cyber security professionals. How will that impact organizations’ ability to safeguard themselves?
This is a natural progression because both the threat landscape and the network/IT infrastructures they target are growing but the number of cyber security professionals is not increasing as rapidly. Overall, it’s becoming increasingly difficult to find good talent. Network and cyber security jobs aren’t drawing as many candidates as other IT and technology-related jobs, such as developers and programmers.
This issue highlights the broader topic of how companies manage cyber security in an age of digital transformation, changing regulatory landscapes and dynamic cyber threats. Cyber security isn’t just a manpower game; it’s also a question of expertise. The good news is that expertise can reside in-house or can be found at a partner.
For many organizations, it doesn’t make sense to hire expensive people but rather rely on a partner instead. According to the Cyber-Security Perceptions and Realities: A View from the C-Suite report, this is becoming an increasingly popular trend. Globally, 32% of respondents say they count on a security provider (such as an ISP or carrier) to provide protection.
Relying on a carrier, internet or cloud service provider is a popular approach to managing security because it provides a “worry-free” way to manage security with a carrier that the organization has a long-standing relationship with. However, how sophisticated is the ISP/carrier’s security infrastructure? Can it keep the organization up and running even during a large or complex attack? Will it offer the organization a mitigation service, or does it “blackhole” or cut off all traffic while under attack? It’s key to understand how this management practice might inadvertently affect multiple customers’ systems, and managing and interacting with these partners is becoming an increasingly important responsibility for security professionals.
The third option is engaging with a specialized cyber security vendor to manage across on-premise and cloud solutions. This is becoming increasingly popular if the cyber security vendor provides hybrid protection for the organization’s physical and cloud-based infrastructures, which is critical given the wide array of cyber-attacks now available to hackers.
Given recent high-profile incidents involving state-sponsored cyber-attacks and the importance of national security, what role do nations’ militaries/national security agencies play in developing cyber security experts for the private sector?
Some of the very best network and security professionals I’ve worked with have come from the military and/or government agencies. Often, they train on the most advanced and secure networks in the world and emerge in the private sector with incredible experience. Personally, I believe it’s the best candidate pool.
However, there is talent to be found everywhere; organizations just have to know where to look. Leverage conferences, networking, LinkedIn groups, etc., to uncover the best cyber security professionals. Ultimately, organizations really have to be hunters when it comes to discovering the best people.
In addition, organizations should increasingly consider ex-hackers. According to the Cyber-Security Perceptions and Realities: A View from the C-Suite report, this is becoming an increasingly popular trend amongst IT leaders and C-level executives. In Europe, 58% said they were very or extremely likely to do so, while one out of three U.S. executives expressed their willingness to do so.
Hackers will think outside the proverbial box and can therefore assist with vulnerability mapping and forensics. Further, hackers tend to share information and openly discuss offensive tools and tactics. Most organizations don’t, or do so to a much lesser extent.