Speaking in a keynote at the firm's annual MPower Partner Summit, in Amsterdam, Young said that Europe has one of the highest demands for cyber-security talent but “we are coming up short in the search for security talent”. He added that in Europe there was around a 15 percent gap between the number of roles available to IT security professionals and the number of people able to do these jobs.
Young said that the issue should be re-framed. “We need to call it by a different name. It should be a talent efficiency opportunity, not a talent shortage problem”.
He said we need a world where “tools support people, not where people support tools”.
“Tools can help us become more efficient and bridge that 15 percent gap in talent,” said Young. “We can get more efficient and more effective by putting more capabilities into our tools.”
He said the focus within the cyber-security industry and his company would be to make tools better and people more efficient. “This is how the cyber-security environment will look like in the future.”
“There is power when different companies, products and people to come together to fight the threat we face.”
Earlier in his speech, Young said that an open ecosystem would be at the heart of the company going forward. He said his company “fundamentally believes in an open ecosystem”, adding that in three to five years, integration between security products will “move beyond nice to have more to a mandated part of security”.
Having an open ecosystem meant putting thought into building an architecture around cyber-security that could not only deal with the threats today, (which he said were constantly evolving), but also future, unknowable attacks.
This future was also described by Young as a “chaotic landscape that will change the cyber-security posture” of many organisations.
“We need to think of defence as a whole, rather than the sum of its parts. We need to think across the entire threat cycle,” said Young. “Individual technologies need to work in concert. That means we need to think of the architecture on which this is built. This will be the enduring part and we need to get these principles right”.
Having the right framework in place would enable organisations to withstand broader, wide-scale attacks of the kind seen earlier this year with NotPetya and WannaCry.
“We need to be able to deal with attacks we haven't even thought about.”
Young said the biggest amount of money spent in cyber-security by organisations was in securing their own network, but going forward, the network won't be “the logical control where we manage security”.
“Users connect to applications without going over the network,” he said. “Perimeters are eroding, and users are bypassing the network.”
He said that there was an “explosive” move to SaaS and cloud apps and “this will change how cyber-security will ultimately function”.
“We need to architect security at where the attacks are happening.”
In a separate development McAfee has agreed to acquire Skyhigh Networks in move that McAfee believes will help boost its presence in the cloud access security broker market.
The financials details of the deal were not announced, but Crunchbase sets Skyhigh's total funding amount at $106.5 million (£79 million). McAfee CEO Christopher Young said in a written statement that he welcome's Skyhigh's employees to the McAfee family. No mention was made of how the transition will affect Skyhigh's executive team.
“Skyhigh is an ideal complement to McAfee's strategy—one focused on building and optimising mission-critical cybersecurity environments for the future. Skyhigh had this prescience five years ago, when it distinguished itself as the first cybersecurity provider to launch what is now a burgeoning CASB category. They purpose-built a cloud platform for both frictionless experiences and coordinated control,” Young said.
The closing date for the deal was not revealed.