The Cyber Skills Shortage Is Not Getting Any Better

As digital transformation drives the importance of cyber security to a company’s value proposition, cyber security managers continue to face big challenges in finding people with the right skills. 

According to a recent survey conducted by cyber security recruitment firm Stott and May, in conjunction with Forgepoint Capital, internal skills continue to represent the single most significant barrier to strategy execution for 43% of cyber security leaders. Other key hurdles included budget (35%), technology (13%), and board-level buy-in (9%).

The research, entitled ‘Cyber Security in Focus’, provides insight into the thoughts and core priorities of a snapshot cohort of 55 security leaders and examines critical themes including the skills shortage, inhibitors to strategy execution, and the business perception of cyber security functions. Respondents come from Stott and May’s professional network across Europe, the Middle East and Africa (EMEA) and North America. The roles surveyed included Cyber Security Directors, Security Operations Directors, and VPs of Product Security, with 36% of the sample originating directly from the CISO community.

Highlights from the survey include:

  • Security leaders continue to experience challenges sourcing experienced talent, with 73% highlighting it as an area of concern. Time-to-hire also remains a potent issue. 35% pointed to positions being left unfilled after a 12-week period.
  • Further evolution surrounding the working pattern of security professionals looks likely, with 73% of security leaders favoring a hybrid approach and an additional 22% going fully remote.
  • The significance of cyber security is becoming even more broadly recognized internally, as 80% of security leaders believe their business perceives the function as a ‘strategic priority’ – up from 54% last year.
  • 100% of the sample of cyber security leaders now either agree (38%) or strongly agree (62%) that their business feels the function plays a role in improving the overall value proposition to customers.
  • Concern is growing among 51% of respondents that cyber security investment is not keeping pace with the drive towards digital business.
  • 54% of hiring managers believe that salaries have increased more than 11% year on year, further highlighting the demand for talent.

The challenges posed by digital transformation and the sheer pace of agile software development are also culminating in the emergence of a new type of CISO: the engineering-centric CISO.

“A lot of digital transformation is inherently going to be driven by engineering and finding a CISO that can empower developers with knowledge, tooling, and experience will enable outcomes to be achieved faster and more securely,” according to William Lin of Forgepoint Capital.

Shifting security into the product development lifecycle is a central issue for CISOs. James Dolph, CISO at Guidewire Software, commented: “... security is not and cannot be viewed as an add-on, it is not optional and should be part of the company’s value proposition.”

Stott And May:
