Report: Cybersecurity Skills Shortage Requires Different Approach

Brian Thomas | July 11, 2019

If your organization is grappling with a tight cybersecurity talent pool, you’re not alone. According to Gartner, 61% of organizations struggle to hire security professionals. It’s a problem that’s only going to get worse. The Harvard Business Review predicts that, by 2020, there will be more than 1.5 million unfilled cyber positions worldwide.

It couldn’t come at a worse time.

The advent of 5G and the explosion of the Internet of Things (IoT) are expected to add 20.4 billion connected devices to global networks by next year alone. A hacker’s favorite target, these devices pose an often-overlooked security risk.

Consider the energy sector, a major bull’s eye for cyber hackers. A study by IBM and Oxford Economics found that energy and utilities companies invest 7% of their IT budgets in deploying and maintaining IoT technology, yet spend only 1% of that budget on securing it.

IoT isn’t the only risk factor. The report also found that few companies have the knowledge or resources to take proper precautions or keep pace with digital transformation.

A new mindset is needed

While colleges and universities are responding to the demand for cyber skills by offering undergraduate cybersecurity programs, addressing the skills shortage is a complex and multifaceted issue—one that can’t be solved in the classroom alone.

Speaking at the recent Gartner Security and Risk Management Summit, Sam Olyaei, director of the analyst group’s security and risk management team, suggested that the real challenge lies in how security leaders are addressing the issue. “The problem is really our mindset has to be shifted away from thinking about open roles that can be hired out in the market to actually optimizing the security function in ways that can actually help you procure the competencies we need.”

Companies are putting too much weight on certifications, continued Olyaei, or don’t know what security skills they need. There’s also a lack of standardization around job titles and what they mean, and an absence of clear career paths for security professionals. These factors can be remedied, suggests Olyaei, by standardizing titling in security roles according to NIST’s cybersecurity workforce framework and using enticing job titles and descriptions that attract candidates by stressing growth opportunities and flexibility.

Automate security so employees can build new skills

In addition to Olyaei’s recommendations, Gartner’s Beth Schumaecker urged security professionals in growth industries to implement an adaptive automation strategy that allows them to better utilize the skills and people they have. Repetitive operations tasks such as continuous cybersecurity monitoring functions, for example, are prime targets for automation, freeing teams to focus on more strategic work.  

Automation can also help free up employees to learn new skills that are critical to keeping your business protected. Today, cyberattacks touch every corner of the organization, and security leaders are increasingly being asked to assume the role of security champion and digital risk officer. To be successful in this role, they must break down the silos between the Security Operations Center (SOC) and the boardroom. This requires a new set of “soft”, non-technical competencies, such as the ability to communicate clearly and succinctly, business acumen, and an understanding of corporate goals. Each of these holds a key to better aligning security practices with the wider objectives of your organization.

Cyber gap closed, talent pool opened

By shifting your organization’s mindset about the ways in which your security function can be optimized and mapping that back to your workforce strategy, you’ll be able to close the cybersecurity skills gap and open the doors to a wider and more diverse talent pool. Going the extra mile and supporting this talent with automated cybersecurity practices will help you establish a sound security posture that requires less manual labor. Then, security professionals can put their focus where it counts: proactively safeguarding your business against whatever might be coming next. 
