Happy new year everyone! Late last year, I wrote a blog with a few predictions for 2016 focused on threats and enterprise security. Here are a few of my additional expectations for the cybersecurity industry:
- Cybersecurity skills shortage impacts the industry. I cited a bunch of troubling statistics about the global shortage of cybersecurity talent in another recent blog. Depending upon whom you believe, there will be 1 million or more cybersecurity job openings that remain unfilled in 2016. This shortage is already a problem for CISOs; look for it to become a growing headache for cybersecurity product and (especially) services vendors this year as well. Recognizing this issue, firms like Cisco, IBM, and Symantec are developing internship programs, partnering with universities, and offering cybersecurity training to general IT professionals. Other large cybersecurity suppliers will do the same. As a side note to this problem, cybersecurity vendors seeking talent will be forced to invest in facilities outside of Silicon Valley, which is good news for Atlanta, Austin, Boston, and Washington D.C. as well as India, Ireland, and the Philippines.
- Mergers and acquisitions. Okay, this one is somewhat obvious but allow me to add my own spin. M&A activities will be robust with numerous big deals taking place before the RSA Security Conference at the end of February. That said, many areas of cybersecurity are actually over-invested right now (e.g., CASB, next-generation endpoint security). Once the first few deals happen, I foresee an industry panic where Johnny-come-lately VCs get cold feet and start fire selling. As this happens, patient cybersecurity companies will be rewarded with cybersecurity technology startup acquisitions at relative bargain basement prices.
- The Beltway crowd jumps into the commercial market. Federal contractors like Booz Allen Hamilton, CACI International, CSC, L-3, Lockheed Martin, and Northrop Grumman have strong cybersecurity skills and assets but little penetration into the commercial market. Look for one or several of these federal integrators to follow Raytheon’s lead by establishing commercial cybersecurity divisions, hiring management teams with vast private sector experience, and acquiring companies with strong commercial cybersecurity market share.
- Growing trusted systems offerings. Technologies like the Trusted Platform Module (TPM) and Intel’s Trusted Execution Technology (TXT) have been around for years but few software developers have taken advantage of this system-level security functionality. I believe we will see things start to change in 2016 as enterprises look to enhance mission-critical system integrity. Oracle and VMware will join the trusted systems fray while phones will ring off the hook at focused players like Skyport Systems and Virtual Software Systems (VSS).
- Cybersecurity technology vendors will open their own kimonos. Driven by new types of threats, CISOs will continue to increase oversight of IT vendor risk management in 2016. This will cause a reaction on the supply side as leading vendors trumpet their own internal cyber supply chain management and secure software development best practices as a way of differentiating themselves from more lackadaisical competitors. Microsoft's secure software development lifecycle (SDL) is a good example here; look for lots of others to emulate this type of model.
I also expect a lot more software architecture expertise entering the cybersecurity technology market as vendors open APIs, integrate products, and embrace middleware foundations as part of their technology architectures. Should be another interesting and eventful year ahead!