Good Help is Hard to Find




I saw this picture the other day and it struck me as the perfect explanation of why it's so hard to find the "right stuff" when it comes to hiring cyber security talent. The actual image that got me thinking about the dearth of talent, however, was shared privately. OpSec being what it is I didn't want to re-post pictures of friends of friends, so I did the next best thing. Instead I found a suitable meme image (below). I'll get back to the image in a moment.

Take It Easy

The Cyber Security Sector is Growing

The US Bureau of Labor Statistics (BLS) just published a new Occupational Outlook Handbook last December. They project that the ranks of Information Security Analysts will grow by 18% by 2025. This is well faster than the baseline growth rate of 7%, and should amount to some 82,900 more Black Hat attendees by 2025.

I want to applaud the BLS for the way they artfully and correctly dodged the question of how to define the "Information Security Analyst". To quote:

"Information security analysts plan and carry out security measures to protect an organization's computer networks and systems. Their responsibilities are continually expanding as the number of cyberattacks increases."

It is clear to me that they really did study the field carefully before writing that description.

Of those 82,900 new jobs, many will be entry level. However, a significant portion will need to be staffed by highly skilled experts in the field. I'm talking about operators who have experienced that moment of vertigo that accompanies the discovery of the smoking gun that clearly shows that you are well and truly pwned. I'm talking about that level of talent and experience where the researcher or analyst seems able to smell malicious activity in and amongst Internet background radiation. I'm talking about folks who appear to read pcap files at wire-speed. Either way, it comes down to a strong aptitude for detecting patterns, and a good history of patterns to match against.

Pattern Matching

As much as we may hate to admit it. The operational nature of security today is all about detecting anomalous patterns and resolving the anomalies or correcting the detector. The challenge is being able to see the forest from the trees. It's easy to dismiss a single strange packet, but what about a single strange packet once per day?

Let's get back to that image. If you know your 70's classic rock music this one is easy. The song that would be going through your head is Take It Easy by the Eagles. That's a statue of Don Henly "Standin' on the corner in Winslow Arizona", and a reflection of a flat-bed Ford in the window. If everyone learned the same way and had the same approach to detecting patterns, this might be an easy problem to solve. Exposing up and coming security operators to a diverse set of experience is the easy part. What I want to know is how do we improve the process of finding and attracting the folks who are really good a detecting patterns?


As an industry we need the whole spectrum of talent. The grand masters and newbies, the suits and the black t-shirts. Gender, ethnicity, socioeconomic background are all critical. The more diverse your team is, the more patterns you will have on file and approaches to pattern matching you will have at your disposal. Diversity itself is not enough. To have a true rock-star team they all must work well together. If your people aren't getting excited about discoveries and sharing them with their peers seeking a wider insight, then what you have there is a really expensive ping pong team. With that in mind, the question I leave you with is this: how do we find and nurture the future security experts industry so clearly needs?

Ben April is the Director of Engineering for Farsight Security, Inc.