DX Acceleration Uncovers Security Talent Gaps

Photo credit: iStockphoto/metamorworks

In recent years, digital transformation and modernization initiatives have gained a significant uptick across industries as part of their efforts to remain viable in an increasingly competitive market.

According to F5's latest State of Application Services (SOAS) Asia Pacific report, which surveyed nearly 2,600 respondents globally (with 1,300 respondents in Asia Pacific), four out of five organizations in Asia Pacific have reported the integration of digital strategies as part of their plans to increase productivity, boost efficiencies, and enhance customer experiences. These strategies can easily range from implementing internal and external-facing applications for business automation, adopting IoT devices and networks, all the way to moving their entire infrastructure to the cloud.

But as organizations adopt digital services and form far more complex environments with higher traffic data, their attack surface widens substantially. These challenges are amplified because of the talent shortage faced by the security industry today, with findings from the SOAS report revealing that 76% of organizations carry a security skills gap, with more than half (53%) attributing it to the indiscipline of protecting their applications from attack and breach.

As a further indicator of such estimates, the (ISC)2 2019 Cybersecurity Workforce Study also reported that there are currently over 2 million unfilled vacancies in the cybersecurity sector in Asia Pacific. And while the short and obvious solution to closing this skills gap would be for organizations to invest more in outsourcing the right talent, the skills they carry may also risk becoming inadmissible as technology advances, making such efforts unsustainable.

So, there lies the question — how can we best approach this security skills shortage and turn it into an opportunity?

Building a robust technology ecosystem through collaboration

Earlier in February, Singapore’s Deputy Prime Minister Heng Swee Keat announced in the Budget speech that mid-career workers up to 50 years of age will receive up to SGD 1,000 in SkillsFuture credit to encourage them to learn new skills and move into growth industries. Under this initiative, IT professionals can also apply for programs like TechSkill Accelerator (TeSA) to upgrade and acquire skills that tie back to emerging technology trends like cybersecurity, artificial intelligence and Internet of Things.

However, a more comprehensive and collaborative approach needs to be taken. Rather than placing full reliance on our country’s Smart Nation plans, both the government and organizations can take proactive measures together to develop an effective and sustainable security strategy.

Take Google, for example. Instead of implementing regular employee upskilling programs, the company partnered with Singapore’s Info-communications Media Development Authority (MDA) to develop a Squared Data & Analytics training program for young professionals, as part of its wider plans to strengthen the local technology talent pool. On the other hand, companies like Razer and Grab have placed an emphasis on the cutting-edge technologies they work with, and the opportunities for growth and innovation that prospective employees can receive to attract talent.

To address the security skills gap, similar measures of fostering strong collaboration between the government and organizations should also be put into place as both parties work toward a shared goal of driving innovation.

DevSecOps to the rescue

As organizations move their legacy applications to the cloud as part of their digital transformation efforts, implementing a DevSecOps approach can also play a part in bridging the security skills gap. In fact, a Gartner survey reports that 80% of development teams will incorporate DevSecOps approaches by 2021, up from 15% in 2017. With DevSecOps, security now becomes a shared responsibility across software development and IT operations teams — with an end goal of deploying faster, more efficient, and secure software.

This integrative and collaborative nature of DevSecOps will allow security teams that once worked in silos to enable developers to adopt security controls that automate security into the pipeline and ultimately lessen the demands and pressures faced by organizations from the current security skills shortage.

As technology becomes the linchpin for the economy, organizations need to generate sustainable opportunities and initiatives to help ride this growth. Rather than adopting a passive mindset and placing reliance on government efforts, organizations should also play a role in bridging the current security talent deficit. With the right tools in place, the possibilities to establish a talent pipeline that progresses just as fast as the industry are endless.

Mohan Veloo, vice president of technology for Asia Pacific and Japan at F5 Networks wrote this article. The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends. Photo credit: iStockphoto/metamorworks