February 23, 2018 By Douglas Bonderud 2 min read

The cybersecurity talent gap is a known quantity. Companies across the globe are feeling the strain as demand for security support, innovation and skills soar despite a shortage of incoming IT professionals.

As noted by a recent Capgemini study, there’s a 25 percent gap between demands for cyber talent and existing supply. In addition, a Cybersecurity Ventures report predicted a shortfall of 3.5 million cybersecurity professionals by 2021.

So what’s the secret for companies struggling to achieve security goals even as malicious actors get more aggressive? How can they bridge the gap and get back on track?

The Cybersecurity Talent Gap Is Growing

According to the Capgemini study, 68 percent of organizations reported a high demand for cybersecurity skills. Analytics and innovation also made the list at 64 and 61 percent, respectively, but have smaller gaps compared to the whopping 25 percent cybersecurity gap.

Specificity is also a concern. A recent PricewaterhouseCoopers (PwC) white paper noted that, while finding a cybersecurity generalist is often possible, it’s much more challenging to find experts capable of managing enterprise-specific or legacy technologies.

According to CSO Online, this isn’t all bad news, since the increasing recognition by enterprises (and specifically C-suites) that cybersecurity is a must-have rather than an afterthought marks a watershed moment for the industry. Jennifer Steffens, CEO of IOActive, put it simply: “Organizations are waking up to the critical importance of security.” The next step, she said, is recognizing that “the workforce shortage will grow unless organizations also wake up how they approach finding and retaining talent,” she told CSO Online.

Using Existing Talent

Now that companies recognize the importance of cybersecurity talent, how can they close the skills gap? The PwC paper noted that some tasks can be handled by outsourced security services, reducing the number of in-house professionals required. In fact, 62 percent of respondents to the firm’s “Global State of Information Security Survey 2018” said they’re now using managed services for access management and threat intelligence.

The caveat is that it’s not possible to move everything off-site, meaning enterprises need a new source of skills. One option is to increase the value of cybersecurity positions within the organization. This means giving chief information security officers (CISOs) a spot at the table and giving skilled professionals the autonomy they need to get their jobs done. This includes solid budgets for continual training and responsibilities that go beyond simple break-fix scenarios.

Closing the Gap With New Collar Workers

As noted by Help Net Security, it’s also possible to level up existing enterprise talent outside of the IT pipeline. This includes customer service, business development, sales, law and finance professionals. Here, situational abilities and a willingness to learn matter more than an idealized skill set.

These employees could even be easier to train than traditional IT professionals, since they don’t come with preconceived notions of how IT has always been done. Companies need to put out the word that they’re interested in training new security professionals, see who steps up and then support burgeoning careers.

Traditional hiring has a place here too. Partnerships with technical colleges and universities are worthwhile, but the numbers don’t lie: Finding enough talent requires thinking outside the box.

Organizations now recognize the value of cybersecurity talent, and they’re setting security goals to match. The problem is that the talent shortfall means missed targets and increasing distance between expectations and reality. The solution is to get innovative by leveraging outsourced skills, increasing the value of cybersecurity positions and tapping new talent pools to help close the distance.

More from

CISA hit by hackers, key systems taken offline

3 min read - The Cybersecurity and Infrastructure Security Agency (CISA) — responsible for cybersecurity and infrastructure protection across all levels of the United States government — has been hacked.“About a month ago, CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses,” a CISA spokesperson announced.In late February, CISA had already issued a warning that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. Ivanti Connect Secure is a widely deployed…

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today