Facing Staffing Challenges? The ThreatQ Platform Can HelpMARC SOLOMON
It may surprise you to learn that new research by CompTIA finds only 30% of the cyber workforce is in the 19-34 age group, with 52% between 35 and 54. You’d think more people entering the workforce or in the early stages of their careers would be turning to cybersecurity given the rise in headline-grabbing cyberattacks, an urgent need for cyber security professionals, a proliferation of high-quality cybersecurity degree programs and certifications, a record number of job openings and competitive compensation. Unfortunately, the numbers reflect otherwise.
Experts have commented extensively on what can be done to attract young people to the field. So here, I’m going to focus on how the ThreatQ Platform can help current security teams address staffing challenges by working smarter, not harder.
- Automation. For years we’ve hesitated to automate due to the fear of being burned when machines quarantine a system or block a port on a firewall in error. Now, technology has advanced to where we can fine tune automation and optimize it for our unique environments. Balancing automation with human intelligence and analysis allows teams to always have the best tool for the job.
With the ThreatQ Platform you can automate repetitive, low-risk, time-consuming tasks, while human analysts take the lead on irregular, high-impact, time-sensitive investigations with automation simplifying some of the work. This approach to automation can also help with retention and recruitment. When analysts know an organization has systems in place to mitigate burnout and allow them to spend more time on interesting, strategic activities, they are more likely to be stay and even help spread the word that your company is a great place to work.
- Collaboration. When you offload time-intensive and manual tasks that bog down Tier 1 analysts, this frees them up to transition to Tier 2 and Tier 3 activities. Now you have an opportunity to rethink how you allocate this larger team across strategic activities like incident investigation and response. Instead of a traditional escalation model where Tier 2 and Tier 3 analysts work independently and have limited visibility into tasks others are performing, consider flattening the organizational structure and adopting a collaborative model.
ThreatQ Investigations offers a single collaborative environment, fusing together threat data, evidence and users. Tier 1 analysts can up-level their skills more quickly, and all team members can share information to improve investigation and response. Rather than working in parallel, analysts can automatically see how the work of others impacts and further benefits their own work. They can use that knowledge to pivot and accelerate investigations that are separate but related. ThreatQ also stores a history of investigations, observations and learnings about adversaries and their tactics, techniques and procedures (TTPs). Analysts can search for and compare indicators across the infrastructure and find matches between high-risk indicators and internal log data that suggest possible connections. Embedding collaboration into the investigation process, analysts can work as a team to explore every corner of the organization, pinpoint adversary TTPs and remediate malicious activity more effectively.
Since it’s difficult to hire more people to address security challenges, you need to consider how technology can become a force multiplier. With the ThreatQ Platform you can give analysts a chance to focus on high-impact work and step into new roles supported with a solution that enables balanced automation and collaboration. This sends a clear message that you are committed to helping teams work smarter and build their skill sets, which not only strengthens security for your organization, but encourages retention and recruitment.