Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: What are your Security Challenges for 2018? - SANS Internet Storm Center SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
What are your Security Challenges for 2018?

We are almost at the end of another year. Last year I wrote a diary on Talent Shortage [1] and from what I have seen, it is still difficult to find the right people with the right skills [2]. I read more than ever, enterprises have to start coming up with creative recruitment strategies to hire the next generation of security professionals (IP-based skillsets) and develop strong training programs to bring them up-to-speed with the right security skills needed to defend or audit their enterprise. Obviously, you can learn a lot of things in a classroom but some skills can only be acquired in the real world. Anyone willing to learn or is curious about how attacks methods works and how to defend against them, has strong ethics and problem solving skills sound like a candidate you might want to coach and hire.

Technologies are rapidly evolving and changing; keeping on top of all of them is difficult and not really possible. I think it is becoming important to specialize whether it is offensive (pen testing and audit) or defending networks. Don't get me wrong, I believe it is important to have a strong understand of both but I think at some point picking a side (auditing or defending) is the right thing to do.

Last but not least, cybercrimes are going to continue to grow and be more focus against selected products (corporate "secret sauce"), user data, groups and employees. Malicious actors are always looking for new methods to gain access, steal data and sell it to whoever is willing to pay for it.

What are your predictions for the coming year?


Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu


417 Posts
ISC Handler
Recruiters still looking for people to fill jobs who are in it strictly for the passion, no desire for life long learning = no-go in this field.
I agree that the talent pool from which to draw is rather shallow. There are numerous universities offering degrees in infosec now, which is a good thing but what I've seen over the last few years hasn't been terribly impressive.

I worked for a smallish options exchange where there were a very few people involved in netsec/infosec. We handled all firewall changes, proxies, TACACS, SIEM, A/V, operations, yadda yadda yadda. We needed capable people with fairly diverse skillsets. We interviewed tons of people just coming out of school or still in school for an internship over a period of a few years. I realized that those coming out of these programs were really only trained on the infosec side of things, and had no understanding at all of anything on the network. No concept of firewalls, proxies, no understanding of TCP/IP or the OSI model.

I wasn't expecting to bring someone on board straight out of school that would have all these skills, but I at least expected some of them to be familiar. I found none of them bothered to install the various open source tools and operating systems to tinker with anything. That kinda blew my mind. In an era where hardware is relatively cheap and virtualization is free, not one interviewee had bothered. I imagine we interviewed between 30 & 50 candidates.

I now work for another exchange, and won't be involved in the interview process or attempting to track down talent. I'm glad that's the case, too.

Perhaps I expect too much. Dunno. I saw a lot of people that were going to be entrenched in relatively low level ops work for a long time.

9 Posts Posts

Sign Up for Free or Log In to start participating in the conversation!