The Cyber Skills Shortage Is Not Getting Any Better

As digital transformation drives the importance of cyber security to a company’s value proposition, cyber security managers continue to face big challenges in finding people with the right skills. 

According to a recent survey conducted by cyber security recruitment firm Stott and May, in conjunction with Forgepoint Capital, internal skills continue to represent the single most significant barrier to strategy execution for 43% of cyber security leaders. Other key hurdles included budget (35%), technology (13%), and board-level buy-in (9%).

The research, entitled ‘Cyber Security in Focus’, provides insight into the thoughts and core priorities of a snapshot cohort of 55 security leaders and examines critical themes including the skills shortage, inhibitors to strategy execution, and the business perception of cyber security functions. Respondents come from Stott and May’s professional network across Europe, the Middle East and Africa (EMEA) and North America. The roles surveyed included Cyber Security Directors, Security Operations Directors, and VPs of Product Security, with 36% of the sample originating directly from the CISO community.

Highlights from the survey include:

  • Security leaders continue to experience challenges sourcing experienced talent, with 73% highlighting it as an area of concern. Time-to-hire also remains a potent issue. 35% pointed to positions being left unfilled after a 12-week period.
  • Further evolution surrounding the working pattern of security professionals looks likely, with 73% of security leaders favoring a hybrid approach and an additional 22% going fully remote.
  • The significance of cyber security is becoming even more broadly recognized internally, as 80% of security leaders believe their business perceives the function as a ‘strategic priority’ – up from 54% last year.
  • 100% of the sample of cyber security leaders now either agree (38%) or strongly agree (62%) that their business feels the function plays a role in improving the overall value proposition to customers.
  • Concern is growing among 51% of respondents that cyber security investment is not keeping pace with the drive towards digital business.
  • 54% of hiring managers believe that salaries have increased more than 11% year on year, further highlighting the demand for talent.

The challenges posed by digital transformation and the sheer pace of agile software development are also culminating in the emergence of a new type of CISO: the engineering-centric CISO.

“A lot of digital transformation is inherently going to be driven by engineering and finding a CISO that can empower developers with knowledge, tooling, and experience will enable outcomes to be achieved faster and more securely,” according to William Lin of Forgepoint Capital.

Shifting security into the product development lifecycle is a central issue for CISOs. James Dolph, CISO at Guidewire Software, commented: “... security is not and cannot be viewed as an add-on, it is not optional and should be part of the company’s value proposition.”

Stott And May:
