Research

Study Reveals Cybersecurity Skills Shortage

• By Rhea Kelly
• 09/06/17

The skills required for information security have changed in the last few years, according to IT security professionals in a recent survey. Security and compliance company Tripwire conducted the study with assistance from Dimensional Research, which revealed 93 percent of security pros are concerned about the cybersecurity skills gap, and 72 percent said it's more difficult to hire skilled security staff compared to two years ago.

The study findings are based on survey responses from 315 IT security professionals at U.S.-based companies with more than 100 employees.

Among the findings:

• Just 20 percent of respondents said their company has hired people without specific security expertise for security roles, and 17 percent plan to do so in the next two years;
• 50 percent plan to invest in training existing security staff;
• 91 percent plan to supplement their security team by outsourcing for skills;
• 88 percent said managed services would help solve the skills gap problem;
• 96 percent said automation will play a role in closing the skills gap; and
• 98 percent said that other functions, such as non-security teams, will be more involved in cybersecurity in the future.

"It's evident that security teams are evolving and maturing with the rest of the cybersecurity industry, but the pool of skilled staff and training simply aren't keeping up," said Tim Erlin, vice president of product management and strategy at Tripwire, in a statement. "For example, beyond their technical duties, security practitioners may now be expected to spend more time in boardrooms or in the CFO's office to secure more budget. While the makeup of the cybersecurity workforce may be changing, the fundamentals of protecting an organization have not. It will be critical during this transition to ensure there's a long-term strategy in place around maintaining their foundational security controls."

Erlin pointed out that security teams can look for help both within their organization and externally: "The skills gap doesn't have to be an operational gap. Security teams shouldn't overburden themselves by trying to do everything on their own," he said. "They can partner with trusted vendors for managed services or subscribe to service plans where outside experts can act as an extension of the team. Organizations should also understand that security is a shared responsibility across different functions, so people from other parts of the business should be involved in the cybersecurity program. And, of course, automation can add value not only in reducing manual work, but also in ensuring that everything is up-to-date and working as it should in real time. Security teams may just need to work more creatively."

More information on the study is available on the Tripwire site.