Study Reveals Cybersecurity Skills Shortage

The skills required for information security have changed in the last few years, according to IT security professionals in a recent survey. Security and compliance company Tripwire conducted the study with assistance from Dimensional Research, which revealed 93 percent of security pros are concerned about the cybersecurity skills gap, and 72 percent said it's more difficult to hire skilled security staff compared to two years ago.

The study findings are based on survey responses from 315 IT security professionals at U.S.-based companies with more than 100 employees.

Among the findings:

  • Just 20 percent of respondents said their company has hired people without specific security expertise for security roles, and 17 percent plan to do so in the next two years;
  • 50 percent plan to invest in training existing security staff;
  • 91 percent plan to supplement their security team by outsourcing for skills;
  • 88 percent said managed services would help solve the skills gap problem;
  • 96 percent said automation will play a role in closing the skills gap; and
  • 98 percent said that other functions, such as non-security teams, will be more involved in cybersecurity in the future.

"It's evident that security teams are evolving and maturing with the rest of the cybersecurity industry, but the pool of skilled staff and training simply aren't keeping up," said Tim Erlin, vice president of product management and strategy at Tripwire, in a statement. "For example, beyond their technical duties, security practitioners may now be expected to spend more time in boardrooms or in the CFO's office to secure more budget. While the makeup of the cybersecurity workforce may be changing, the fundamentals of protecting an organization have not. It will be critical during this transition to ensure there's a long-term strategy in place around maintaining their foundational security controls."

Erlin pointed out that security teams can look for help both within their organization and externally: "The skills gap doesn't have to be an operational gap. Security teams shouldn't overburden themselves by trying to do everything on their own," he said. "They can partner with trusted vendors for managed services or subscribe to service plans where outside experts can act as an extension of the team. Organizations should also understand that security is a shared responsibility across different functions, so people from other parts of the business should be involved in the cybersecurity program. And, of course, automation can add value not only in reducing manual work, but also in ensuring that everything is up-to-date and working as it should in real time. Security teams may just need to work more creatively."

More information on the study is available on the Tripwire site.

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • an online form with checkboxes, a shield icon for security, and a lock symbol for privacy, set against a clean, monochromatic background

    Educause HECVAT Vendor Assessment Tool Gets an Upgrade

    Educause has announced HECVAT 4, the latest update to its Higher Education Community Vendor Assessment Toolkit.

  • illustration of a football stadium with helmet on the left and laptop with ed tech icons on the right

    The 2025 NFL Draft and Ed Tech Selection: A Strategic Parallel

    In the fast-evolving landscape of collegiate football, the NFL, and higher education, one might not immediately draw connections between the 2025 NFL Draft and the selection of proper educational technology for a college campus. However, upon closer examination, both processes share striking similarities: a rigorous assessment of needs, long-term strategic impact, talent or tool evaluation, financial considerations, and adaptability to a dynamic future.

  • university building surrounded by icons for AI, checklists, and data governance

    Improving AI Governance for Stronger University Compliance and Innovation

    AI can generate valuable insights for higher education institutions and it can be used to enhance the teaching process itself. The caveat is that this can only be achieved when universities adopt a strategic and proactive set of data and process management policies for their use of AI.

  • DeepSeek on AWS

    AWS Offers DeepSeek-R1 as Fully Managed Serverless Model, Recommends Guardrails

    Amazon Web Services (AWS) has announced the availability of DeepSeek-R1 as a fully managed serverless AI model, enabling developers to build and deploy it without having to manage the underlying infrastructure.