February 23, 2018 By Douglas Bonderud 2 min read

The cybersecurity talent gap is a known quantity. Companies across the globe are feeling the strain as demand for security support, innovation and skills soar despite a shortage of incoming IT professionals.

As noted by a recent Capgemini study, there’s a 25 percent gap between demands for cyber talent and existing supply. In addition, a Cybersecurity Ventures report predicted a shortfall of 3.5 million cybersecurity professionals by 2021.

So what’s the secret for companies struggling to achieve security goals even as malicious actors get more aggressive? How can they bridge the gap and get back on track?

The Cybersecurity Talent Gap Is Growing

According to the Capgemini study, 68 percent of organizations reported a high demand for cybersecurity skills. Analytics and innovation also made the list at 64 and 61 percent, respectively, but have smaller gaps compared to the whopping 25 percent cybersecurity gap.

Specificity is also a concern. A recent PricewaterhouseCoopers (PwC) white paper noted that, while finding a cybersecurity generalist is often possible, it’s much more challenging to find experts capable of managing enterprise-specific or legacy technologies.

According to CSO Online, this isn’t all bad news, since the increasing recognition by enterprises (and specifically C-suites) that cybersecurity is a must-have rather than an afterthought marks a watershed moment for the industry. Jennifer Steffens, CEO of IOActive, put it simply: “Organizations are waking up to the critical importance of security.” The next step, she said, is recognizing that “the workforce shortage will grow unless organizations also wake up how they approach finding and retaining talent,” she told CSO Online.

Using Existing Talent

Now that companies recognize the importance of cybersecurity talent, how can they close the skills gap? The PwC paper noted that some tasks can be handled by outsourced security services, reducing the number of in-house professionals required. In fact, 62 percent of respondents to the firm’s “Global State of Information Security Survey 2018” said they’re now using managed services for access management and threat intelligence.

The caveat is that it’s not possible to move everything off-site, meaning enterprises need a new source of skills. One option is to increase the value of cybersecurity positions within the organization. This means giving chief information security officers (CISOs) a spot at the table and giving skilled professionals the autonomy they need to get their jobs done. This includes solid budgets for continual training and responsibilities that go beyond simple break-fix scenarios.

Closing the Gap With New Collar Workers

As noted by Help Net Security, it’s also possible to level up existing enterprise talent outside of the IT pipeline. This includes customer service, business development, sales, law and finance professionals. Here, situational abilities and a willingness to learn matter more than an idealized skill set.

These employees could even be easier to train than traditional IT professionals, since they don’t come with preconceived notions of how IT has always been done. Companies need to put out the word that they’re interested in training new security professionals, see who steps up and then support burgeoning careers.

Traditional hiring has a place here too. Partnerships with technical colleges and universities are worthwhile, but the numbers don’t lie: Finding enough talent requires thinking outside the box.

Organizations now recognize the value of cybersecurity talent, and they’re setting security goals to match. The problem is that the talent shortfall means missed targets and increasing distance between expectations and reality. The solution is to get innovative by leveraging outsourced skills, increasing the value of cybersecurity positions and tapping new talent pools to help close the distance.

More from

Are we getting better at quantifying risk management?

4 min read - As cyber threats grow more sophisticated and pervasive, the need for effective risk management has never been greater. The challenge lies not only in defining risk mitigation strategy but also in quantifying risk in ways that resonate with business leaders. The ability to translate complex technical risks into understandable and actionable business terms has become a crucial component of securing the necessary resources for cybersecurity programs.What approach do companies use today for cyber risk quantification? And how has cyber risk…

Trends: Hardware gets AI updates in 2024

4 min read - The surge in artificial intelligence (AI) usage over the past two and a half years has dramatically changed not only software but hardware as well. As AI usage continues to evolve, PC makers have found in AI an opportunity to improve end-user devices by offering AI-specific hardware and marketing them as "AI PCs."Pre-AI hardware, adapted for AIA few years ago, AI often depended on hardware that was not explicitly designed for AI. One example is graphics processors. Nvidia Graphics Processing…

Cybersecurity Awareness Month: Cybersecurity awareness for developers

3 min read - It's the 21st annual Cybersecurity Awareness Month, and we’re covering many different angles to help organizations manage their cybersecurity challenges. In this mini-series of articles, we’re focusing on specific job roles outside of cybersecurity and how their teams approach security.For developers, cybersecurity has historically been a love-hate issue. The common school of thought is that coders are frustrated with having to tailor their work to fit within cybersecurity rules. However, many companies are embracing a security-first approach, and some developers…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today