The IoT Security Skills Gap
The Internet of Things (IoT) is changing the cybersecurity landscape. This shift in skills along with the already shortfall of IT workers is widening the gap in what’s needed to be a successful IT professional. In fact, the number of unfilled jobs in the industry is expected to hit 3.5 million by 2020.
Looking at the numbers, we can see that the largest vacancies are in the area of cybersecurity operations. The shortage of professionals is compounded for companies deploying IoT.
Why the IoT Expertise Shortage?
First, IoT is still a new field that has little formal training or academic programs. Second, the title and duties of such a role are not clearly defined — the process is still in flux. It’s also unknown exactly how many of the specialists will be needed. Finally, the lack of IoT leadership is adding to the issue. A Gartner survey identified a lack of IoT-proficient leaders slows down the adoption of IoT projects in 40% of organizations.
The area of IoT will need analysts as much as any other cybersecurity segment. But because of these factors, it’s imperative to understand the skill gap and facilitate a way to bridge it, either with existing staff or with new staff that has basic skills and can learn the intricacies of IoT security.
What options do companies involved in the world of IoT have to develop analysts into experts in the field? First, it’s important to identify what skills will be most useful since there are no IoT certifications. Then consider other creative ways to prepare and overcome the gap.
Skills Needed in IoT Security
To understand where your team needs to be on the spectrum of IT knowledge, these are the most relevant skills needed for IoT security.
It’s important for a developer to understand the business space. This is directly related to how IoT works, which includes collection, storage and analysis of data from smart devices. If your developers don’t have an appreciation of the value of the data, then they’d be unlikely to be able to make sense of it.
Skill sets needed to grasp business intelligence include sensor data analysis, data center management, predictive analytics, and programming in Hadoop and NoSQL.
You can bridge this gap by having developers take a course on data science to learn about predictive analytics and machine learning.
The IoT is a big target for DDoS attacks, so its security has to be proactive, not reactive. If someone already is familiar with vulnerability assessments that’s a plus. Public key infrastructure (PKI), ethical hacking, and wireless network security are also all meaningful skills to have.
To gain further knowledge on these topics, developers could take a cybersecurity specialization session built around DDoS threats as well as ethical hacking courses.
With ethical hackers on your team, they can find the vulnerabilities much in the same way that a malicious one would. Understanding the protocols used to enroll digital certificates to remote IoT devices is also imperative.
UX and UI Design
With any IoT device, it must have an easy-to-use UI with UX considerations. After all, no one will use anything that’s too complicated. Developers working on these parts of the IoT framework need to have a full understanding of responsive web design and user-focused design.
There are plenty of design classes that focus on UI and UX, including a product design one from Google, a brand that obviously has mastered UI and UX design. Within this course, it would be ideal for the developer to learn any challenges that UI and UX pose to IoT security. For instance, if you make something more convenient, does that decrease its security?
Mobile App Development
Most IoT devices will be connected to and managed by smartphones. Thus, new apps will need to be built to facilitate this. The apps will need to communicate with external hardware on the network. Anything that’s cloud-connected or Bluetooth-enabled presents opportunities for hacking.
To master this, candidates will need to be well-versed in both iOS and Android app development. At a minimum, the framework for app development should be in anyone’s skillset on your IoT team.
The ability to program interfaces such as GPIO and I2C are necessities for IoT developers. Additionally, an IoT specialist should have knowledge of at least one operating system and one embedded system.
In IoT, embedded sensors engage with the environment around them. This collection information is then analyzed. The network that carries that data will be one of enormous traffic. It must be secure and reliable. To do this, developers should have basic OSI stack knowledge, especially connectivity protocols so that the latest standard in IoT communication is always running. If a gap in skills is found here, then most any computer networking courses would be appropriate.
The value of IoT is held mostly in its operability. With such a large amount of data and interfaces, developers with the ability to connect automatic API testing with manual testing will be in high demand. For help with this skill, candidates should enroll in an agile testing course and learn as much as possible related to automating web testing.
Designing for Data
As discussed, IoT is all about data, and the job of anyone on a development team is to make the data work seamlessly for users. Big data is helping cities with urban planning and providing insights for disease treatment in healthcare. Thus, the ability to read and interpret data meaningfully is essential. Expand this ability with a course in data science.
Machine Learning and AI
Big data only means something when it’s actionable. Patterns must be deciphered for it to have an impact on the process or workflow it’s a part of. IoT will only become more complex and with that, AI will be responsible for more autonomous decisions.
In addition to the data science course to first understand the collection and analysis, further coursework in machine learning and AI will be required.
When automation is a part of the workflow, enabled by AI, then analysts don’t get “alert fatigue,” which can cause critical alerts to be ignored. Automation is a developer’s friend when it comes to IoT security.
Hands-On Experimentation and Testing
For IoT to be fully understood by those developing the security for it, real-world experimentation and testing is necessary. This provides them the insight to look at the platform from a user’s perspective.
Developers must be cognizant of changes in programming languages and evolving hardware platforms. They should be aware of the tools and methodologies coming out of open source communities, too. The bridge between the digital and physical worlds ensures devices deployed are user-friendly and secure.
Put Your IoT Training Plan in Motion
Virtually all of the skills that are needed for IoT professionals overlap with all other roles. What makes IoT training unique is the platform itself and how these devices connect and interact in the world.
To empower your current and future development teams to become better prepared for the IoT evolution, you can find courses at InfoSec Institute that touch on all the topics discussed in this article. For a complete view of courses, start here.
The 2017 Cybersecurity Jobs Report, Herjavec Group