Struggling With The Cyber Security Skills Shortage

Nearly three out of four organisations are struggling with a gap in security skills.  While non-IT professionals  consider cyber security professionals in a positive light, few of them are interested a career in IT. In fact, 68% of all IT and security professionals say they have to work on advancing their cyber skills on their own time.

New research shows how security skills are lacking across multiple IT disciplines,  including network engineers, systems administrators and cloud developers. 

According to new data from Cybrary, 46% of organisations do not confirm new-hires' skills for specific roles and 40% rarely or never assess the skills of newly on-boarded team members. IT and security professionals are avidly working to improve their skills on their own personal time, even while reporting cost and lack of time as significant barriers. Respondents overwhelmingly preferred online learning for job-related skills (62%) including online courses, virtual labs, and web-based media to help them gain new skills for improving current job performance and advancing their careers. 

According to survey respondents, IT and security professionals want to improve their job skills with 40% spending time every day, while another 38% at least once a week. Nearly half (48%) invest their own time before and after work, or on weekends (20%) to improve their skills. However, cost (33%) and lack of time (28%) are the main barriers preventing IT and security professionals from getting the skills development training they need to do their jobs to the best of their abilities. Even more disturbing, 40% say these barriers have a major/severe impact on developing their skills. 

Another report by the Enterprise Strategy Group (ESG), and the Information Systems Security Association (ISSA) professionals reveal that cyber security skills continue to deteriorate for the fourth year in a row. This situation has affected over 70% of organisations putting their operations at risk. 

The data uncovered in this research year over year also demonstrates that there are multiple issues contributing to the problem of “a cybersecurity skills gap.” 

This includes the problem that businesses don’t understand the role of information security and there is no clear and agreed upon career map within our profession, and cyber security professionals are under constant stress of attempting to improve collaboration efforts with IT. 

Respondents clearly indicated a preference for learning through online, self-paced courses (38%) along with online virtual labs (17%). Their motivation appears to focus on improving their current job performance (25%) or advancing their careers (29%), rather than pursuing a new career path (13%). 

IT and security team members are not getting the full support they need to improve skills since about half of organisations have either decreased their training budgets (22%) or kept them the same (25%) this past year. Even more disturbing, 16% of respondents report their organisations do not have any training budget at all. 

The studies show that the lack of a well-defined career path for cyber security professionals was mainly to blame for the cyber security skills gap. 

About 68% of the professionals interviewed did not have a defined career path. Additionally, historical solutions implemented to address the problem only made it worse. The fundamental causes for the skill gap are myriad, starting with a lack of training and career-development opportunities. About 68 percent of the cyber security professionals surveyed said they don’t have a well-defined career path. They say they don’t have basic growth activities, such as finding mentor, getting basic cyber security certifications, taking on cyber security internships and joining a professional organisation, are missing steps in their endeavors.

The survey also found that many professionals start out in IT, and find themselves working in cyber security without a complete skill set. 

A full 63 percent of respondents in the survey said they’ve worked in cyber security for less than three years, with 76 percent starting as IT professionals before switching their career to cyber security. All of this comes as cyber-attacks continue to ramp up. Survey respondents were asked to compare the status of cyber-adversaries with that of cyber-defenders, and 67 percent of respondents said they believe that cyber adversaries have a big advantage.

ISSA:   CPO Magazine:   Infosecurity Magazine:   Threatpost:     Dark Reading:

You Might Also Read

Sentiment About Cyber Security Professionals Improves:

 

 

« The Same Russians Who Hacked Clinton Are Targeting Biden
Technology Trends to Watch Out For »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Secure Thingz

Secure Thingz

Secure Thingz focus on developing and delivering advanced security solutions into the emerging Industrial Internet of Things (IIoT) and Critical Infrastructure markets.

Cigniti Technologies

Cigniti Technologies

Cigniti Technologies provides Independent Software Testing (IST) Services including software security testing.

Eseye

Eseye

Eseye is a global specialist supplier of cellular internet connectivity for intelligent IoT (Internet of Things) devices.

Scientific Cyber Security Association (SCSA)

Scientific Cyber Security Association (SCSA)

The main goal of Scientific Cyber Security Association is the development of scientific and practical directions of cyber security.

CybeReady

CybeReady

CybeReady’s Autonomous Platform offers continuous adaptive training to all employees and guarantees significant reduction in organizational risk of phishing attacks.

InterVision

InterVision

InterVision is a leading Strategic Services Provider, assisting businesses in driving value and gaining a competitive edge by helping IT Leaders solve the most crucial challenges they face.

Blockchain R&D Hub

Blockchain R&D Hub

Blockchain R&D Hub's mission is to serve the needs of blockchain ecosystem as the center of excellence for technology research and development.

OXO Cybersecurity Lab

OXO Cybersecurity Lab

OXO Cybersecurity Lab is the first dedicated cybersecurity incubator in the Central & Eastern Europe region.

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance is a global, non-profit industry association which is working to enable a secure connected future.

FiberWolf

FiberWolf

FiberWolf is a Managed Security Service Provider (MSSP) serving customers from diverse industries including Government, Education, Banking and Technology.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

doIT Solutions

doIT Solutions

doIT solutions specialize in IT security and infrastructure, security automation, data center, and cybersecurity.

Talion

Talion

Talion aim to reduce the complexity involved in securing your organisation and to give security teams unrivalled visibility into their security operations, so they can make optimal decisions, fast.

Cyber CNS

Cyber CNS

CyberCNS is a Vulnerability Management Solution that is purpose built for MSPs and MSSPs.

Prescient Solutions

Prescient Solutions

Prescient Solutions is a managed services provider, using a cloud-based model to provide IT solutions to small, mid-sized, global organizations and government entities.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.