May 9, 2018 By David Bisson 2 min read

Three-quarters of organizations experience difficulty attracting qualified IT security candidates, a recent survey found.

According to the “Staffing the IT Security Function in the Age of Automation” report, sponsored by DomainTools and conducted by the Ponemon Institute, just one-quarter of IT and security practitioners said their organization has no trouble finding qualified candidates. That’s down from 34 percent in 2013.

The retention rate of skilled professionals is slightly better at 28 percent, a figure that slid from 42 percent five years prior. Even so, more personnel said their organization’s security functions were understaffed in 2018 (75 percent) compared to 2013 (70 percent).

IT Security Staffing Weighed Down by the Skills Gap

The Ponemon Institute surveyed 615 IT and security professionals for the study. Their responses provided insight into how and why organizations are failing to keep up with their staffing duties.

The survey traced part of the problem to hiring managers’ high expectations regarding the education, knowledge and requisite skills of job candidates. For instance, more than half (55 percent) of respondents said their organization expects applicants to hold either a master’s or bachelor’s degree in IT security or a related field. Meanwhile, 52 percent reported that their employer looks for candidates with professional certifications, such as Certified Information Systems Security Professional (CISSP).

Ponemon found that organizations don’t go easy on entry-level applicants, either. Respondents said their employer requires candidates to possess an understanding of cybersecurity threats (39 percent), intrusion detection and prevention systems (19 percent), and security standards and frameworks (18 percent).

Similarly, 25 percent of respondents revealed that their organization looks for entry-level individuals who can maintain security records for incident response activities, while slightly fewer participants said the same about the ability to evaluate malware (21 percent) and perform threat analyses (18 percent).

The above percentages were all higher with respect to attracting experienced professionals.

Reasons for Staffing Failures

The survey suggested that common hiring practices may be contributing to the cybersecurity skills shortage. Just 24 percent of respondents said their employer views IT security as a viable career path, for example, while 39 percent of IT practitioners said their organizations offer generous compensation packages.

Looking ahead, Joseph Carson, chief security scientist at Thycotic, asserted that companies’ staffing woes won’t improve with the acceleration of automation, artificial intelligence (AI) and machine learning. He noted that such developments require “constant human cognitive input” to make sense of what’s going on. As a result, he explained that companies need to invest more in human security personnel to make the most of automation.

“Don’t expect to get any value out of AI or machine learning–powered tools if you do not have sufficiently skilled staff to use them correctly,” Carson said, as quoted by Infosecurity Magazine. “These tools will only be as good as the humans interpreting the output.”

At the same time, Ponemon suggested that organizations can overcome some of their staffing challenges by looking past candidates’ technical skills and urged prospective IT professionals to recognize the importance of on-the-job experience when applying for a security role.

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today