What Are The Greatest Challenges Facing Cybersecurity?

Considering cybersecurity professionals are endlessly pitted against sophisticated cybercriminals, this job is not for the fainthearted.


Courtesy of ITU/Claudio Montesano Casillas at Creative Commons

Cybersecurity is a hard, often thankless job that has the power to make grown men and women scream, cry, throw their hands up in resignation…or hand in their resignation.

“We’re like sheep waiting to be slaughtered,” David Jordan, a chief information security officer (CISO) with Virginia’s Arlington County, told the New York Times. “We all know what our fate is when there’s a significant breach. This job is not for the fainthearted.”

Given that CISOs and other cybersecurity professionals are endlessly pitted against sophisticated cybercriminals with enterprise-level resources at their disposal, “not for the fainthearted” may be the understatement of the year; perhaps even the decade.

Today’s CISOs need to be more than cybersecurity experts – which in itself is a mammoth challenge, given that knowledge in the cybersecurity field sometimes has a shelf life measured in weeks or months, rather than years or decades. They also need to be well-versed in crisis management, communications, and procurement, especially when it comes to evaluating technology and separating vendor marketing hype from practical benefit. “Of all the headaches that chief information security officers face,” writes New York Times reporter Nicole Perlroth, “one of the biggest is figuring out which security products to trust.”

Given the challenges that CISOs face (see: “sheep to slaughter”), it’s no surprise that they’re nearly impossible to find. As my colleague Doug McLean wrote in May, hunting for cybersecurity experts is like searching for unicorns. Indeed.com has listed 26,000 open cybersecurity positions in North America and Cisco pegs the global shortage at one million. Even with ultra-attractive packages that include hefty salaries, C-level perks, and other goodies that would have most other professionals salivating, HR departments and recruiters are coming up empty. What’s more, investing in education and training to create tomorrow’s cybersecurity professionals – while a wise idea – is a process that will bear fruit several years in the future, not right now, when enterprises need them the most.

As such, the only practical answer for enterprises that want to stay safe, and for CISOs who want to have a successful career, is to leverage a technology that fills the gaps left behind by their existing breach detection systems and significantly reduces the burden on SOC/IR staff by fully automating traffic log analysis, incident response, and threat remediation at each step in the kill chain.

Disclosure: None
