Cybersecurity Awareness Month: Tackling the Unsustainable Skills Challenge in Cybersecurity and Observability
Posted by: Ben MartinMooney
Author: Nick Heudecker, Senior Director, Market Strategy, Cribl
In the rapidly evolving fields of cybersecurity and observability, a significant disconnect threatens to undermine security teams across the industry: developing and maintaining skills. As enterprises find themselves navigating a sea of tools and technologies, the complexity of managing this diverse ecosystem is reaching a critical point. Hiring is difficult already. Stacking a laundry list of esoteric skills on a job description only makes it harder. Let’s look at some of the causes of the skills challenge and explore some potential remedies.
The overwhelming tool sprawl
First up, tools – or at least the number of them in use. Imagine the task facing security teams today, who, on average, juggle nearly eighty different tools in their arsenal. Each of these tools comes with its own unique languages, nuances, and administrative requirements, compounding the complexity of an already challenging environment. This tool sprawl not only places a heavy administrative burden on teams but also significantly complicates the hiring process.
Vendors, for their part, are pitching consolidation messages. This is a predictable move, as it concentrates more power, and contract value, into fewer and fewer vendors. However, this consolidation story isn’t something we’re seeing. According to Cribl’s Navigating The Data Current report, Cribl.Cloud users are sending data to 15% more destinations year over year. This indicates the opposite: instead of fewer platforms and tools, we’re seeing more diversity.
The training conundrum
Addressing the skills gap through training is a logical step, yet it’s far from a panacea. Training staff on an ever-growing list of tools and technologies delays their operational effectiveness and escalates costs. Moreover, the diverse mix of data and protocol standards—ranging from legacy systems to the latest frameworks—adds another layer of complexity, making it increasingly difficult to ensure staff are equipped with the knowledge and skills needed to navigate this labyrinth.
The standards struggle
The struggle with data standards further exacerbates the skills challenge. The inconsistency in support for various standards across tools means that teams often find themselves wrestling with data formatting and interoperability issues. This not only drains valuable time but also contributes to staff burnout, as the constant battle with incompatible standards and incomplete protocols becomes a source of frustration and inefficiency.
Bridging the gap between competing, often conflicting or incomplete, standards is a key area where observability pipelines can help. By abstracting sources from destinations, pipelines make it easy to ingest one data format, like syslog, and output completely different formats, like CrowdStrike Next-Gen SIEM Schema, OCSF, OpenTelemetry, and more.
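The source/destination split described above, as an added example (not Cribl's code or configuration): one parser turns a syslog line into a neutral record, and two independent mappers emit a subset of an OCSF Authentication event and of an OpenTelemetry log record. The sample line, the neutral field names, and the choice of attribute keys are assumptions; required OCSF fields such as severity_id and metadata are omitted for brevity.

```python
import re
from datetime import datetime, timezone

# Constructed sample: RFC 3164-style sshd line (documentation IP, made-up host).
SAMPLE = ("<38>Oct 14 09:12:45 bastion01 sshd[2211]: Failed password for "
          "invalid user admin from 203.0.113.7 port 51234 ssh2")

LINE = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")

def parse(line, year):
    """Source side: syslog text -> neutral dict. RFC 3164 carries no year or
    zone, so the caller supplies the year and UTC is assumed."""
    m = LINE.match(line)
    if m is None:
        return None  # not an sshd auth line; a pipeline would pass it through
    pri = int(m["pri"])  # PRI = facility * 8 + severity
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"epoch": int(ts.replace(tzinfo=timezone.utc).timestamp()),
            "facility": pri >> 3, "severity": pri & 7, "host": m["host"],
            "user": m["user"], "ip": m["ip"], "port": int(m["port"]),
            "success": m["result"] == "Accepted", "raw": line}

def to_ocsf(e):
    """Destination 1: subset of an OCSF Authentication event (class_uid 3002)."""
    return {"category_uid": 3, "class_uid": 3002, "activity_id": 1,  # Logon
            "type_uid": 300201,                 # class_uid * 100 + activity_id
            "time": e["epoch"] * 1000,          # OCSF timestamps are epoch ms
            "status_id": 1 if e["success"] else 2,  # 1 Success, 2 Failure
            "user": {"name": e["user"]},
            "src_endpoint": {"ip": e["ip"], "port": e["port"]},
            "dst_endpoint": {"hostname": e["host"]},
            "raw_data": e["raw"]}

# Syslog severity -> OTel SeverityNumber (example mapping in the OTel logs data model).
OTEL_SEV = {0: 21, 1: 19, 2: 18, 3: 17, 4: 13, 5: 10, 6: 9, 7: 5}

def to_otel(e):
    """Destination 2: OTel log-record data model fields (not the OTLP wire form)."""
    return {"Timestamp": e["epoch"] * 10**9,    # nanoseconds since epoch
            "SeverityNumber": OTEL_SEV[e["severity"]],
            "Body": e["raw"],
            "Resource": {"host.name": e["host"]},
            "Attributes": {"user.name": e["user"], "client.address": e["ip"],
                           "client.port": e["port"]}}
```

Adding a third destination means writing one more mapper over the neutral record; the parser and the existing mappers stay untouched.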
The “Box of LEGOs” approach
Many vendors adopt a modular approach to their products, likening them to a “box of LEGOs” that users can piece together to create custom solutions. While this may appeal to data engineers and integrators, it presents a cumbersome and impractical challenge for IT and security professionals. This fragile approach places enterprises just one step away from potential downtime on mission-critical systems, highlighting the precarious balance between customization and operational stability.
The promise and pitfalls of automation
Automation, particularly through AIOps, has been heralded as a potential solution to the skills challenge. However, its promise remains largely unfulfilled, with significant gains yet to be realized for teams and hiring managers. The expectation that automation could alleviate the burden of manual tasks and compensate for the skills gap has not materialized as hoped, leaving many to question the feasibility of relying on AIOps as a standalone solution.
Moving forward
The path forward requires a multifaceted approach. Enterprises must advocate for more intuitive, standardized tools that reduce the learning curve and cognitive overhead. Vendors should strive for greater interoperability and simplicity in their product offerings, moving away from their piecemeal approaches to more holistic, integrated solutions. Meanwhile, the continued exploration of automation and AIOps as part of a broader strategy to augment human capabilities is essential.
Collaboration between vendors, enterprises, and educational institutions will be key to navigating the unsustainable skills challenge. By working together to streamline tools, standardize protocols, and enhance training and support, the industry can begin to close the skills gap, reducing burnout and enabling teams to focus on their core mission: safeguarding and optimizing their digital environments.
If you want to see how Cribl is removing the toil from IT and security operations while making tools easier to manage, join us and GuidePoint Security at Microsoft Ignite next month in Chicago and at AWS re:Invent in Las Vegas the first week of December. We look forward to meeting with you.
Not headed to any events? No worries – join a webinar, read a blog, or sign up for the sandbox to learn more about Cribl.
Ben MartinMooney
Product Marketing Manager,
GuidePoint Security