Skilled security staff are hard to find, security teams need to be creative
A study conducted in July by Dimensional Research examined how organizations are addressing the cybersecurity skills gap. Study respondents included 315 IT security professionals at U.S.-based companies with more than 100 employees.
According to the study, 93 percent of security professionals are concerned about the cybersecurity skills gap, and 72 percent believe it is more difficult to hire skilled security staff to defend against today’s complex cyberattacks compared to two years ago. Significantly, 81 percent believe that the skills required to be a great security professional have changed in the past few years.
Twenty percent of respondents said their organizations had hired people with expertise not specific to security over the past two years, and another 17 percent stated they plan to do the same in the next two years. Additionally, the study found that 50 percent plan to invest more heavily in training their existing staff to help with the looming skills shortage.
“It’s evident that security teams are evolving and maturing with the rest of the cybersecurity industry, but the pool of skilled staff and training simply aren’t keeping up,” said Tim Erlin, vice president of product management and strategy at Tripwire. “For example, beyond their technical duties, security practitioners may now be expected to spend more time in boardrooms or in the CFO’s office to secure more budget. While the makeup of the cybersecurity workforce may be changing, the fundamentals of protecting an organization have not. It will be critical during this transition to ensure there’s a long-term strategy in place around maintaining their foundational security controls.”
How to tackle the skills gap
The study also looked at how organizations expect to tackle the skills gap in the future and found the following:
- Ninety-one percent plan to supplement their team by outsourcing for skills.
- Eighty-eight percent believe managed services would add value to solving the skills gap problem.
- Ninety-eight percent expect other functions like non-security teams to be more involved in cybersecurity moving forward.
- Ninety-six percent believe that automation will play a role in solving the skills gap in the future.
Erlin added: “The skills gap doesn’t have to be an operational gap. Security teams shouldn’t overburden themselves by trying to do everything on their own. They can partner with trusted vendors for managed services or subscribe to service plans where outside experts can act as an extension of the team. Organizations should also understand that security is a shared responsibility across different functions, so people from other parts of the business should be involved in the cybersecurity program. And, of course, automation can add value not only in reducing manual work, but also in ensuring that everything is up-to-date and working as it should in real time. Security teams may just need to work more creatively.”