Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Great cyber security needs great people

October 2016 Editor's Choice, Information Security, Infrastructure, Conferences & Events

By Michael Xie, founder, president and CTO of Fortinet.

As chief technology officer, my primary mandate is to develop technologies to help our enterprise customers improve their security postures. As we crossed our 300-patent milestone after 16 years in the business, I am encouraged by the good progress we have made.

In recent times, however, it has dawned on me that powerful as they are, our solutions are not reaching their full potential in all the organisations where they are deployed – thanks to a dire shortage of cyber security professionals to harness them. This is a global phenomenon, and we have reached a stage where cyber security manpower development cannot be put off any longer.

One may assume that with greater automation and the advancement of technology in general, the dependency of cyber security on human beings has fallen. The truth is quite the opposite. According to Frost & Sullivan, more manpower is needed for the following reasons:

• More sophisticated and persistent cyber threats. The rising sophistication of cyber threats is not just to accomplish a singular goal (e.g., steal sensitive information), but to be persistent and effective over an extended period of time. To achieve these goals, evading detection and, if detected, silently adapting to either continue or reappear later are part of the hacker’s operating principles. Consequently, identifying compromises and qualifying their severity requires constant diligence and deep pockets of expertise. A high degree of talent, knowledge, and time is also needed to thoroughly root out discovered compromises.

• Larger IT footprints. The growing ubiquity of mobile devices used for business, both corporate-issued and personally owned, and the increasing adoption of cloud services, contribute to a larger IT footprint to protect. The raft of mobile devices (manufacturers, operating systems, and models) and cloud environments (service models and providers) add to the challenge.

• More security technologies. Evasiveness of threats and a growing IT footprint require next-generation security technologies to replace and supplement in-place technologies. With this, the security operations team has more dashboards to view, dials to turn, and alerts and reports to examine.

• Self-inflicted wounds. No one is perfect and perfection cannot be expected in an IT world of perpetual change. Configuration errors and oversights have and will continue to occur. Similarly, end users will have lapses in judgement (e.g., clicking on an untrusted link). This means re-do and recovery will continue to be a routine part of security professionals’ activities.

In the face of the cyber security manpower shortage, the industry has made some stop-gap efforts to deal with the issue. Various organisations are developing machine learning and automation technologies that try to substitute human beings in analytical work. There are also attempts to create artificial intelligence to discover and respond to security threats.

In addition, I expect the industry to continue focusing development efforts on technologies that can let businesses deploy security with minimal manpower. Such technologies include cloud-based security platforms that can help resource-lean SMBs manage or increase visibility, as well as security solutions that can be managed remotely by mobile devices.

Commendable as these efforts are, they are no replacement for the flesh and blood of real IT personnel. Intelligent cyber security technologies can only take the place of human decision making as an initial filter (take a look at what trading algorithms have done to the modern stock market). At the end of the day, both artificial intelligence and human operators need to work together. Without the human element, larger and larger swaths of the world will suffer from poorly implemented cyber security – security tasks will be sub-optimally done, leading to greater vulnerabilities in cyber defences and inefficiently run security departments.

On the security technology provider front, we can expect to see more consolidation in the near term. A dearth of security practitioners will make it hard for small vendors to both develop their technology and expand headcount, putting pressure on them to merge with larger solution providers.

To successfully groom cyber security talent, all stakeholders in the industry must come together – not just technology providers, but governments, regulators, educational institutions, services providers and end-users. There must be more concerted setting of the security education agenda, curriculum development and knowledge transfer, funding and internship programmes.

If you aren’t sure you will make a good cyber sleuth? Just ask yourself a few questions. Did you grow up reading Agatha Christie? Do you have a natural inclination for investigation and discovery? Do you love connecting dots and reading minds? Is good triumphing over evil important to you? Do you enjoy using technology to solve everyday issues and improve lives? If you have answered yes to all these, the industry needs you.





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
Fastest PCIe Gen 5.0 NVMe SSD
Products & Solutions Infrastructure
Sandisk has unveiled the WD_BLACK SN8100 NVMe SSD with PCIe Gen 5.0 technology, an internal SSD delivering speeds up to 14 900 MB/s and capacities up to 4 TB, with 8 TB solutions available soon.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Unified storage solution
Products & Solutions Infrastructure
CASA Software has announced the local availability of Nexsan’s upgraded unified storage solution, Unity NV4000, which is ideal for mixed workloads, from virtualisation and video surveillance to secure backup and recovery.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Winners of the 2025 Southern Africa OSPAs
Editor's Choice
The winners of the 2025 Southern Africa Outstanding Security Performance Awards (OSPAs) were revealed on Wednesday, 4th June, at Securex South Africa. Winners from all categories (except the Lifetime Achievement) will be featured in the second Global OSPAs set to take place in 2026.

Read more...
Deepfakes and digital trust
Editor's Choice
By securing the video right from the specific camera that captured it, there is no need to prove the chain of custody for the video, you can verify the authenticity at every step.

Read more...
A new generational framework
Editor's Choice Training & Education
Beyond Generation X, and Millennials, Dr Chris Blair discusses the seven decades of technological evolution and the generations they defined, from the 1960’s Mainframe Cohort, to the 2020’s AI Navigators.

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.