LAS VEGAS — What security skills shortage problem? In his show-opening keynote at McAfee MPower here, CEO Chris Young says the industry needs to think about the oft-reported security skills shortage differently. While the industry largely considers it a problem today, Young says there’s an opportunity.
Citing U.S. figures, Young said there are some 750,000 Americans employed in cyber-security, and 300,000 positions yet to be filled. Much of the drama of the skills shortage comes from the results of the inability to fill those 300,000 positions — either roles go unfilled and everyone has more put on their shoulders, or it leads to security professionals changing jobs more frequently than one might expect, chasing ever-increasing paycheques. The solution, Young said, is not about throwing more bodies at the problem.
“If we could make those 750,000 people 20 per cent more efficient, we could eliminate half of those job openings,” Young said. “And we can do that. It’s a matter of discovering where you can improve efficiency.”
He added McAfee would be happy to help customers figure out where those efficiencies are, offering a service to help tackle just that problem and how to solve it “whether it’s using McAfee tools or not.”
Much of that efficiency gain, Young figures, will come from increases in automation of security products, as well as what McAfee calls human/machine teaming — a big topic in McAfee’s strategy that means using machine learning to tackle many of the big data details of security attacks, guiding and informing the humans that are fighting against attackers.
“We need a world where our tools do a good job of supporting our people, and not our people having to spend time supporting our tools,” he said. “Human/machine teaming can completely change the game.”
One of the big product announcements at Mpower, McAfee Investigator, is an example of such teaming. The company says McAfee helps make security operations more efficient by using machine learning to re-create attacks on a company’s environment in real-time — a way to let humans more effectively triage attacks and would-be attacks based on data gathered from threat intelligence databases as well as both McAfee and non-McAfee security products in the customer’s environment.
Young’s comments were part of a broad keynote presenting the company’s view of a changing security landscape, and the company’s changing strategy within that landscape.
That landscape, he said, will involve changing priorities, as he presented an argument that the network will lose its primacy as a point of security, with more emphasis on security at the endpoint and in the cloud. Despite his background with Cisco, Young said he believes that when it comes to security, the network should be viewed as primarily a transport layer, while the data and the applications — the things attack designers are seeking to attain, lock down, or otherwise manipulate — live in the endpoint, in the cloud, and in the data centre.
While McAfee’s history is in the endpoint, and over the last year it has evolved its offerings there significantly, the focus on cloud is relatively new territory for McAfee, a space where the company admits it has room for improvement. But Young signaled more and more of the company’s offerings moving to the cloud, most notably telling attendees that the company will largely move its network appliances from on-premise hardware today to native cloud-delivered services that live physically closer to a customer’s data — say in the cloud — in the future.
“We will continue to deliver solutions, but we’re also moving our future roadmap to be much more forward-leading with product in the cloud,” he said, offering an example of the ability to run its IPS products today on Amazon Web Services. “In the future, we will deliver a native experience with all our security tools, whether formerly physical appliances or pure software, in the cloud, just like any other application.”
This year is the first year for Mpower, the new brand for McAfee’s big annual security show, formerly known as Focus, and also the first big tent opportunity for McAfee since its spinout from Intel last spring. The company is touting it as the industry’s first “on-demand security conference,” with many main-stage speakers offering attendees a choice between two different presentations they can deliver. Young, for example, presented his messages around a theme of “reading the future,” which was up against an alternative “reading your mind” presentation.
And indeed, Young phrased his delivery around looking at where the security landscape is heading, and touted his history on such predictions — playing an RSA 2016 presentation from 18 months ago, wherein he asked “what if the presidential election was disrupted by a cyber-attack?”
While opinions on whether or not just that happened last November may largely split along U.S. political party lines, Young noted that there’s no doubt that, as a result of last year’s U.S. presidential election, concepts of fake news and social media manipulation have certainly become part of the common vernacular.