sans skills gap hiring survey results: reducing attrition
TRANSCRIPT
1
SANS Skills Gap Hiring Survey Results: Reducing Attrition, Increasing Effectiveness
John Pescatore, SANS Director, Emerging Security Trends
2
Who Am I?
• Graduated with an Electrical Engineering degree in 1978, went to work at NSA
• US Secret Service working on secure communications, surveillance electronics – and bullet-resistant materials
• 11 years with GTE, telecoms and secure government systems
• Trusted Information Systems – first firewall company
• Entrust – first PKI company
• Lead security analyst at Gartner for 13+ years
• SANS in 2013
6
Survey Focus
• Headcount gap vs. skill gap
• Is turnover/attrition really high in security teams?
• What reduces security team attrition?
• Best ways for new hires to be productive quickly.
https://www.sans.org/webcasts/closing-critical-skills-gap-modern-effective-security-operations-centers-socs-survey-results-113485
7
Turnover/Attrition
• Hiring offset attrition → Government being exception
• Expensive!
• Small companies seeing highest turnover
• Overall turnover below IT industry average
8
Interviews: Turnover/Attrition Takeaways
• Efficiency/effectiveness of a security team is directly proportional to time spent working together.
• Attrition is lowest where
  • Burnout is avoided
  • Individual skills and creativity are valued/rewarded/supported
  • Tools (particularly open source) are used, enhanced and shared
9
Desired Tools Experience
• Major focus is time to productivity for new hires
• Tool fluency in use and extension/integration
• Less than 10 tools, more than 1
• Creativity and playing
• Interesting frequent comment: “It would also be nice if they know how to use corporate collaboration tools…”
10
Applying Those Levers
Shield
Eliminate Root Cause
Monitor/Report
Policy
Assess Risk
Baseline
Vuln Assessment/Pen Test
Secure Configuration
Mitigate
• FW/IPS • EPP/EDR • NAC
• Patch Management • Config Management • Change Management
• Software Vuln Test • Training • Network Arch • Privilege Mgmt
Discovery/Inventory
• SIEM • Security Analytics • Incident Response
Threats
Regulations
Business Demand
OTT Dictates