For those curious about cybersecurity but lacking any practical knowledge of the domain, it is often hard to come across articles that are easy to follow along. This one about the myth of workforce shortage in cybersecurity is a good read.
Traditionally, enterprises have treated vulnerability management as a manpower and triage problem. They assembled lists of CVEs that their scans turned up and argued over which ones to patch. Every day the list grew, and every quarter CISOs tried to make the case for additional hires.
Application of data science to this problem has shown that companies can — and do — make meaningful risk reductions with available resources. That's because the small cadre of hackers capable of developing new exploitations are highly likely to follow well-worn patterns. A complete analysis of decades of threat data bears this out.
I wonder if there is another contributing factor to this workforce dilemma. The exploits are carried out by hackers and there is a cult of personality that goes with it. If vulnerability management is automated for the most part, then it takes away from the super-powers of the people who are in charge today. It's the fight between good and evil where the personalities behind the stories matter. Reminded me of this very ludicrous movie Swordfish which makes a joke of the world of hacking. Imagine replacing Hugh Jackman with an algorithm - that would be untenable.