ISACA Now recently had a virtual sit-down interview with Brett Kelsey, vice president & chief technology officer for the Americas, Intel Security Group. Kelsey shared his thoughts on the biggest single information security (InfoSec) challenge that organizations face today, how to solve the InfoSec labor shortage and other critical issues he deals with on a daily basis.

Here is ISACA Now’s conversation with Kelsey:

ISACA Now: What is the biggest single InfoSec challenge facing organizations today? Why?

Brett Kelsey: I truly believe that the biggest InfoSec challenge facing organizations today is the human factor.

First, are careless or uninformed employees. We continually hear how even though some protections are in place, organizations constantly suffer from simple forms of ransomware because an employee clicks yes when he/she should not have.

Second, are the disgruntled employees or the insider threat. There are rogue employees inside any organization, especially members of IT teams with knowledge of, and access to, data stores and admin accounts. These employees continue to cause serious damage. Finally, we have the heavily validated lack of available cyber security people to fill the numerous jobs that are going to be required in the years to come.

ISACA Now: What long-term solution(s) do you envision to that challenge?

Kelsey: In the long-term, we as the security industry need to reduce the need for human interaction across various security solutions. This comes with automation and trust. The various disparate technologies need to become more efficient and effective in coverage and fundamentally in working together across technologies.

ISACA Now: How will the InfoSec industry solve its labor shortage?

Kelsey: As much as I'd like to say that there is a silver bullet to solve this problem, I don't believe that there is such a remedy. In the rest of the IT industry we've already seen stronger footholds where the various IT organizations have attached themselves to industry-leading educational institutions. This has provided relevant educational experience for individuals so they can hit the ground running once they start their technology career.

We've yet to see a comparable program in the InfoSec industry that ultimately gives real-world experience coming out of educational institutions. I see this issue from three perspectives:

First, we need a greater quantity of InfoSec programs in our higher educational institutions, not just at a graduate degree level but at an undergraduate level. We need the InfoSec industry to reach out to academia to explain the importance of reconfiguring curriculum to focus on InfoSec training.

Second, we need greater industry attachment to the various educational programs to assist in accelerating the experience required to perform the needed job functions upon graduation and not require extensive additional training post college degree. Organizations such as ISACA, particularly in partnership with industry, could have a significant impact here.

Finally, we need to continue to work on reducing workforce demand. As we create more automated, efficient and effective solutions, we will reduce the need to expend so many human resources on resolving cyber security incidents.

ISACA Now: What part do companies like Intel Security play in solving InfoSec challenges? What should other key players be doing?

Kelsey: Leading InfoSec organizations such as Intel Security and others have a large role in solving this challenge. We need to continue to bring to market technologies that provide automated solutions. We also need to foster the demand for educational programs that focus on InfoSec.

ISACA Now: What are the key takeaways from your recent CSX presentation?

Kelsey: Each attendee should receive a current threat landscape, as well as a greater understanding of three specific points of view regarding the InfoSec industry:

The elements of protection, detection and correction are better together. For technology acceleration and effectiveness, architecture drives velocity. Automation is required in a complex, talent-starved world.

(This article originally appeared on the ISACA blog site, which can be viewed here)

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access