Report: Cybersecurity Skills Shortage Requires Different Approach

Brian Thomas | July 11, 2019

If your organization is grappling with a tight cybersecurity talent pool, you’re not alone. According to Gartner, 61% of organizations struggle to hire security professionals. It’s a problem that’s only going to get worse. The Harvard Business Review predicts that, by 2020, there will be more than 1.5 million unfilled cyber positions worldwide.

It couldn’t come at a worse time.

The advent of 5G and the explosion of the Internet of Things (IoT) are expected to add 20.4 billion connected devices to global networks by next year alone. A hacker’s favorite target, these devices pose an often-overlooked security risk.

Consider the energy sector, a major bull's eye for cyber hackers. A study by IBM and Oxford Economics found that energy and utilities companies invest 7% of their IT budgets in deploying and maintaining IoT technology, yet spend only 1% of that budget on securing it.

IoT isn’t the only risk factor. The report also found that few companies have the knowledge or resources to take proper precautions or keep pace with digital transformation.

A new mindset is needed

While colleges and universities are responding to the demand for cyber skills by offering undergraduate cybersecurity programs, addressing the skills shortage is a complex and multifaceted issue—one that can’t be solved in the classroom alone.

Speaking at the recent Gartner Security and Risk Management Summit, Sam Olyaei, director of the analyst group’s security and risk management team, suggested that the real challenge lies in how security leaders are addressing the issue. “The problem is really our mindset has to be shifted away from thinking about open roles that can be hired out in the market to actually optimizing the security function in ways that can actually help you procure the competencies we need.”

Companies are putting too much weight on certifications, continued Olyaei, or don’t know what security skills they need. There’s also a lack of standardization around job titles and what they mean, and an absence of clear career paths for security professionals. These factors can be remedied, suggests Olyaei, by standardizing titling in security roles according to NIST’s cybersecurity workforce framework and using enticing job titles and descriptions that attract candidates by stressing growth opportunities and flexibility.

Automate security so employees can build new skills

In addition to Olyaei’s recommendations, Gartner’s Beth Schumaecker urged security professionals in growth industries to implement an adaptive automation strategy that allows them to better utilize the skills and people they have. Repetitive operations tasks such as continuous cybersecurity monitoring functions, for example, are prime targets for automation, freeing teams to focus on more strategic work.  

Automation can also help free up employees to learn new skills that are critical to keeping your business protected. Today, cyberattacks touch every corner of the organization, and security leaders are increasingly being asked to assume the role of security champion and digital risk officer. To be successful in this role, they must break down the silos between the Security Operations Center (SOC) and the boardroom. This requires a new set of “soft”, non-technical competencies, such as the ability to communicate clearly and succinctly, business acumen, and an understanding of corporate goals. Each of these holds a key to better aligning security practices with the wider objectives of your organization.

Cyber gap closed, talent pool opened

By shifting your organization’s mindset about the ways in which your security function can be optimized and mapping that back to your workforce strategy, you’ll be able to close the cybersecurity skills gap and open the doors to a wider and more diverse talent pool. Going the extra mile and supporting this talent with automated cybersecurity practices will help you establish a sound security posture that requires less manual labor. Then, security professionals can put their focus where it counts: proactively safeguarding your business against whatever might be coming next. 
