For the past four years, ESG and the Information Systems Security Association (ISSA) have collaborated on a research project focused on the experiences, opinions, and careers of cybersecurity professionals (download this year’s report).
At the risk of appearing like Chicken Little, I am quite alarmed. The security industry continues to address major issues with a combination of technology reliance and lip service. Yup, we remain gaga over technology and wave our arms around with training programs, but we aren’t making much progress.
Case in point: The global cybersecurity skills shortage. The research data clearly indicates that this situation not only isn’t improving but may in fact be getting worse. For example:
- 70% of cybersecurity professionals claim that their organization is impacted by the cybersecurity skills shortage. In the past four years, this percentage ranged from a low of 69% to a high of 74%, so the data shows a general lack of improvement.
- The primary ramifications of the skills shortage include an increasing workload on the existing cybersecurity staff, long-standing open jobs, an increase in hiring and training junior personnel, and an inability to learn or utilize security technologies to their full potential. This last implication is somewhat ironic. We are so busy putting out cybersecurity fires that we haven’t taken the time to learn how to properly use the hoses.
- Skills shortages are most acute among application security specialists, cloud security specialists, and security analysts. With organizations developing more software, moving workloads to the public cloud, and facing more sophisticated threats, these shortages are disconcerting, to say the least.