Bridging the Skills Gap with Machine LearningIBM's Iyer on How Security Leaders Can Use the Right Tools to Tap the Right Skills
Given that India is expected to create more than 1 million cybersecurity jobs, as projected by NASSCOM, the critical question that strikes the security leaders is: Where and how are we going to find them? The cybersecurity skills shortage affected the entire global IT industry, enterprises, government and academia alike (see: How Will India Get 1 Million Cybersecurity Professionals?).
Numbers aside, there is a serious dearth of skills to match up to the dynamic nature of the security industry, says Vaidyanathan R. Iyer, business unit executive, IBM Security Solutions.
"There is a huge demand for key skills around data analytics, incident response skills, incident management, secure coding and predictive coding, etc., in the enterprises to fight new threats, and there is a severe shortage of the same," Iyer says.
While enterprises and academia are attempting several initiatives to bridge the skills gap and rolling out new courses, they are also looking for innovative ways to bridge the skills gap.
One recent phenomenon, Iyer says, is using analytics and machine learning techniques to fill the gap - helping security practitioners in learning skills to detect threats from large amounts of unstructured data.
"It's about augmentation of human ability, by taking over the mundane task and at the same time bringing in analytics and intelligence, which the human brain struggles to bring because of the volume," he says.
In this exclusive interview with Information Security Media Group (see edited transcript below), Iyer discusses IBM's recent cybersecurity initiatives around Watson, IBM's supercomputer that uses artificial intelligence and natural language processing to reveal insights from large amounts of unstructured data, and how security teams can leverage analytics.
Iyer also shares his insights on:
- Challenges faced by today's security professionals;
- Future skills requirements;
- New ways to bridge the skills gap.
Iyer is a management professional with 22 years of experience in information technology sales, marketing and training, and as a security lead at IBM. Prior to joining IBM, Iyer served as a country manager at Intransa Systems.
RADHIKA NALLAYAM: Given that the industry is grappling with the shortage of security skills, which are critical areas you find the greatest shortage of resources?
VAIDYANATHAN IYER: While shortage of skills and security resources overall is one concern, the enterprises are facing the resource crunch for critical functions around new areas, namely data analytics, response skills for incidents, managing incidents proactively, secure coding and predictive coding. It is not sufficient to have people - organizations need right-skilled people. Today, they have skills in abundance around the "prevent" side of security, for example network administrators. But there is lack of skills around the "detect and respond" aspect.
I think incident response will be one of the highly paid jobs in the market in the near future, and some of the leading universities will start offering courses in this area. Very senior professionals in the industry have taken on the role of incident response today because organizations simply can't find someone else. Incident response teams today need to have very sophisticated analytical skills and machine learning know-how.
The other challenge is how these security teams struggle to maintain speed and precision in the constantly changing threat landscape.
A Practitioners' Challenge
NALLAYAM: Having said that, what's the main hindrance that the practitioners face in their daily operations while securing their ecosystem?
IYER: The key challenge for the practitioners on a daily basis is to deal with the amount of unstructured data and the events emanating from it, which is huge. The average organization deals with over 200,000 security events per day, leading to 32 separate potential attacks daily. The time consumed to simply analyse this data is huge, with even the well-equipped companies wasting over 21,000 hours and more than a million dollars per year looking through security events that often prove to be a false threat.
Automation thus becomes a key aspect in achieving speed and precision. For instance, a mechanism to analyze behavioral patterns of human beings through social media and other methods gets critical. Similarly, if you're able to analyze all the events that are emanating from the big data structure, like social media and BYOD, you can actually define the threat profile of an organization as it evolves. The volume and velocity of data for such activities are so high that the organizations are going to require machine-level capability to handle it. It will otherwise be a big challenge for even the most skilled security person (see: CISOs: Prepare for Emerging Tech Risks).
NALLAYAM: Do you mean the traditional analytical and other automation tools have failed to address the challenge? Why is it so?
IYER: Automation is not a onetime panacea; it is an ongoing effort. Organizations have deployed various tools to detect malware, viruses and exploits. but it is not enough. The challenge is in analyzing the huge volumes of unstructured data and interpreting it real-time to address the business threats. It has been estimated that the world produces over 2.5 quintillion bytes of data every day, and 80 percent of it is unstructured, which can't be consumed by traditional systems. However, IBM analysis found that the security analysts can consume only 8 percent of this unstructured data, further complicated by the shortage in skills and expertise. This often comes in the way of analyzing new patterns while building an organization's defences.
NALLAYAM: Then, what's the new way to address the skills issue, and what kind of analytics do you recommend?
IYER: Cognitive security is going to be critical going forward. IBM's Watson is a good case in point. We are using this cognitive system for natural language processing and machine learning to reveal insights from large amounts of unstructured data, which in turn will assist practitioners in detecting threats early.
It will enable augmentation of a security analyst's ability in interpretation of data, by bringing in analytics and intelligence which the human brain struggles to bring because of the volume. We are well aware of the skills shortage both in India and at a global level. The demand for security analysts is increasing every minute, and yet supply remains.
Our Watson initiatives provide insights into emerging threats, as well as recommendations on how to stop them, increasing the speed and capabilities of security professionals. Watson will be trained to discover patterns and evidence of hidden cyberattacks and threats that could otherwise be missed. IBM will incorporate other Watson capabilities, including the system's data-mining techniques for outlier detection, graphical presentation tools and techniques for finding connections between related data points in different documents. For example, Watson can find data on an emerging form of malware in an online security bulletin and data from a security analyst's blog on an emerging remediation strategy.
Our idea is to eventually offer Watson as a service to organizations, which can then customize it based on the level of maturity of their security systems and requirements. We intend to begin beta production deployments of these services by later this year.