The cybersecurity labor market is suffering a severe workforce shortage. By 2019, the demand for talent is estimated to be about 6 million jobs, with a projected shortfall of at least 1.5 million skilled workers, according to Symantec's CEO Michael Brown.
In July 2015, the U.S. State of Cybercrime report from PwC, CSO, the CERT division of the Software Engineering Institute at Carnegie Mellon University and U.S. Secret Service showed that 79 percent of the 500 U.S. executives, security experts and others in both the public and private sector say they detected a security incident over the past 12 months. Raytheon and the National Cybersecurity Alliance found in their 2015 study Securing our Future: Closing the Cyber Talent Gap that education is not keeping up with the growing demand -- of the nearly 4,000 young people, aged 18-26 surveyed, 67 percent of men and 77 percent of women said no guidance counselor, secondary education teacher or career counselor mentioned the possibility of cybersecurity as a career
This doesn't bode well for companies looking to secure themselves and their customers data and information now and in the future. But there's another option -- a managed security services provider (MSSP) can cost-effectively and safely secure physical hardware, networks, data and information. It's a viable option for many businesses that can't find or can't afford to keep cybersecurity talent on the payroll, says David Barton, CISO at Forcepoint.
"With the worldwide shortage of qualified IT security candidates, using a reputable MSSP to help augment internal teams is a very good approach. Most MSSPs employ highly qualified and skilled talent who are able to manage and protect their customers' data," Barton says.
An MSSP can cover all the security bases for a company: Firewalls, intrusion detection and intrusion prevention solutions, security event and incident management, managed vulnerability and identity management solutions -- even first-level incident response. It can be difficult, especially in such a severe talent shortage, for companies to find talent to secure each vulnerable area, much less all three.
The issues of compatibility and integration are also front of mind for IT leaders, because with so many devices and tools, complexity quickly becomes an issue. That's one of the biggest problems an MSSP can help solve, says Mark Stevens, senior vice president of global services at Digital Guardian.
"There are so many tools for each threat vector -- firewalls, data loss prevention, intrusion prevention, an actual breach, malware, viruses, DDoS -- so, OK, maybe you go find someone, and you train them on all these tools you have, but that takes time. Suddenly, all the threats have changed, or maybe certain tools don't work with each other. The complexity becomes a real problem," Stevens says.
Sign up for CIO Asia eNewsletters.