Finding the right people for your Cyber Defense Center (CDC), your Security Operations Center (SOC), or just your IT Security team is challenging. Demand for skilled people exceeds supply by far. Thus, other solutions are required. Closing the skill gap requires three groups of actions:
- Education: Invest in education of your existing team and in young academics that might join your team.
- Services: Don’t try to do everything yourself. You only will succeed with a mix of own people and managed services. Managed Security Service Providers (MSSPs) can benefit from the economies of scale and complement where your team lacks skills or capacity.
- Tools: Use the right tools to learn about attack vectors, to identify incidents, to analyze and classify incidents, and to respond to incidents.
In the area, the steps to take are:
- Evaluate the potential in your current IT team – who has the analytical capabilities to become part of the Cyber Defense team?
- Work with universities or professional training for young people as the mid-term strategy.
However, education alone will not close the gap. MSSPs help in filling the gaps your own staff can’t cover. Here, you should
- Identify the capabilities your team does not have.
- Identify MSSPs that can support you in providing these capabilities, based on the toolset you select.
- Define services and processes altogether with the MSSP, which integrate with your approach on Incident & Breach Management.
While tools for themselves aren’t the solution, they are a mandatory element of the overall approach for a CDC. Tools help in identifying incidents, analyzing and classifying these, and in responding. However, the use of tools requires skilled people, thus training or MSSP support are a success factor. For selecting tools
- Understand your risk exposure and the potential attack vectors of both external and internal attackers and both targeted and mass attacks.
- Define your controls, within your Incident & Breach Management framework and processes.
- Start with a Cyber Security blueprint, identifying the technologies you have in place and identify the gaps.
- Identify which gaps are better covered by MSSPs.
- Define a meaningful, lean set of tools for filling the remaining gaps with the highest risk.
- Implement the tools, train your team.
Obviously, setting up your CDC and closing the skills gap requires an underlying ISMS (Information Security Management System), an approach for Risk Management, and a defined approach for Incident & Breach Management/Response.