How automation can help address the cybersecurity talent shortage

Gettyimages.com/gorodenkoff

Find opportunities — and win them.

Organizations that automate cybersecurity functions can address the need for more cyber professionals and better use existing talent to increase effectiveness and employee satisfaction, writes Tom Conway, director of federal systems integrators at Armis.

The federal government continues to face a serious skills shortage for cybersecurity professionals, an issue that by extension must also be addressed by government contractors.

This issue extends beyond the government to all sectors of the U.S. as well. The country only has enough workers to fill 85% of the cybersecurity jobs throughout the economy, according to research from Cyberseek, a joint initiative of Lightcast, the National Institute of Standards and Technology’s NICE program, and the Computing Technology Industry Association (CompTIA).

In light of this, the Biden-Harris administration announced in April 2024 an overhaul of the federal hiring process to attract more cyber workers to fill thousands of open positions in the government. While this directive certainly represents a necessary step forward, the government and its contractors should supplement these efforts by emphasizing the importance of applying automation to reduce the skills shortage.

By automating cybersecurity functions, organizations can not only address the need for cybersecurity professionals but also better leverage existing talent in ways that can increase workforce effectiveness and employee satisfaction.

The shortage of cybersecurity talent remains a longstanding challenge in the federal market. Many observers have noted the difficulties confronting the government and its contracting community in terms of the ability to offer the salaries cyber professionals often demand.

Due to the size and geographic expanse of the federal government, government agencies and contractors also require many entry-level cybersecurity workers to frequently focus on mundane and less interesting tasks related to the discovery of vulnerable assets spread out across their environments.

These discovery tasks require extensive manpower if not automated and are often viewed as less rewarding when it comes to job satisfaction.

These tasks are ripe for automation. By automating, agencies and contractors can more effectively deal with the three major aspects of their cybersecurity challenge: volume, variety and velocity.

In the case of volume, government agencies and contractors – due to the very nature of their mission – must manage a huge number of devices over an enormous area throughout the country or even the world. This multiplies the requirement for a large workforce capable of monitoring such a large variety of assets.

Likewise, the government operates across a broad range of mission areas, requiring agencies and contractors to maintain an equally broad range of physical and virtual assets that extend beyond IT, such as operational technology, the internet of things, building management systems and more. Again, this increases the need for more staff than might be needed in a more singularly focused environment.

Finally, the velocity factor – the ever-increasing evolution of threats to critical government missions – also amps up the importance of the discovery process in areas where attacks can have life-or-death consequences.

Automation, especially automated processes powered by the cloud, addresses all three of these challenges by decreasing the need for personnel to handle mundane and otherwise manual tasks associated with discovery, freeing scarce resources to focus on the analysis of collected data.

Additionally, establishing a common cloud-based platform for tracking assets creates more opportunities to apply artificial intelligence and machine learning tools for even greater efficiencies as well as for sharing intelligence with other agencies.

Some federal agencies have begun this process of automation, but very often this activity is performed in silos, limiting its value. But even in those circumstances, we are already seeing significant progress in areas where these capabilities have been deployed.

For example, a large defense agency with an extensive global footprint has successfully leveraged cloud-based automated processes for tracking and managing a wide variety of assets, including medical devices, patient monitoring systems and OT. Working with its contractor partners, this agency is able to more efficiently safeguard its infrastructure and securely achieve its mission.

We now need to learn from the success of this one example and scale it. One way to do this would be by embracing a whole-of-nation approach to automation, leveraging public-private partnerships to address this challenge holistically. 

The process is now underway to better leverage those already in the workforce to reduce the gap created by the skills shortage, while not sacrificing security or efficiency. Agencies and contractors can solve their cybersecurity talent challenge by continuing to embrace automation. The process has already begun, but should be continued and expanded beyond silos.

We’ll always need talented cybersecurity professionals to serve the government; therefore, we should leverage their talents on higher value analytical tasks versus the often mundane manual tasks they are too often burdened with currently.