Search Results

This article was written by Jon Oltsik from CSO Magazine and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to

I’ve written a lot about the cybersecurity skills shortage lately based upon data from a new research report titled, The Life and Times of Cybersecurity Professionals, a collaborative effort done by ESG and the information systems security association (ISSA). The report indicates that:

  • Seventy percent of cybersecurity professionals believe their organizations have been impacted by the cybersecurity skills shortage.
  • What type of impact? Sixty-three percent say the cybersecurity skills shortage has increased the workload on existing staff, 41 percent have had to hire junior personnel in lieu of more experienced staff, and 41 percent claim the cybersecurity staff spends a disproportional amount of time on incident response and limited time on planning and strategy.
  • The areas where the skills shortage is most acute include security investigations/analysis (31 percent), application security (31 percent), and cloud security (29 percent).

In aggregate, many organizations don’t have enough cybersecurity staff and lack some (or many) advanced skills.

Continuous cybersecurity education is essential

The research revealed another disturbing trend around cybersecurity training. Much like the state of healthcare and medicine, cybersecurity changes all the time based upon hackers’ tactics, techniques, and procedures (TTPs), new technologies, etc. Consequently, continuous education is essential.

Cybersecurity professionals agree with this requirement. According to the ESG/ISSA research, 96 percent of cybersecurity professionals strongly agree or agree that they must keep up with their skills or the organizations they work for will be at a significant disadvantage against today’s cyber-threats.

Clearly, cybersecurity pros should keep their skills up to date through continuous education and training, but unfortunately, the research also indicates this isn’t happening:

  • Two-thirds (67 percent) admit they try to keep up with training but lament that it is hard to do so because of the demands of their jobs.
  • Only 38 percent of cybersecurity pros say their organizations provide the right level of training and education on the latest threats and TTPs. Alarmingly, 27 percent of survey respondents say their organization should provide significantly more.

Allow me to summarize this data for emphasis: Most cybersecurity pros are too busy to keep up with training on their own. Employers aren’t helping — most aren’t supporting the cybersecurity staff with an adequate level of training.

This is a disturbing situation that needs to be rectified as soon as possible. CISOs must:

  • Assess the skills level of the cybersecurity staff and identify skills deficits.
  • Find ways to address workload bloat by investing in security automation, staff augmentation, and managed services.
  • Provide ample opportunities for skills development through onsite training, mentoring, networking, and continuing education.
  • Measure and compensate the cybersecurity staff (and themselves) on skills development.

Note that the ESG/ISSA research report is available for free download here. Your feedback is welcome.

Cyber security is a key concern for organisations of all sizes. Protecting devices, networks, data and apps is an essential component of doing business. Vodafone provides security products and services to businesses of all sizes, helping you secure your business anywhere because we are everywhere. We are trusted by organisations globally, including utilities, financial institutions and government agencies. For more cyber security, insights, you can find us on Twitter and LinkedIn.

main_icn_24_7_support24-delivery 360-view4gmain_icn_Accessoriesmain_icn_Appsapple market_icn_Batterybroadband-devicecalendarmarket_icn_Minutesmain_icn_Cameramain_icn_Chatmain_icn_Chevron_downmain_icn_Chevron_leftmain_icn_Chevron_rightmain_icn_Chevron_upmain_icn_Tick_simpleClose_thick_0.1main_icn_Closecommunity-thin main_icn_Community_or_Foundationdashboard-hidashboard-thin main_icn_Dashboardmarket_icn_Data_Sharingmarket_icn_Dealsmain_icn_Deletemain_icn_Deliverymain_icn_Dislikemain_icn_Downloadmain_icn_Editerror-circlefacebook-thin main_icn_Social_Facebookmain_icn_Filtermain_icn_Filtergogoogle-plus-thin social-google-plushelp-hi_1helpmain_icn_Likemarket_icn_LinkedInlocation-hilocation-regular location-thin main_icn_Locationmail-newmarket_icn_Screen_sizemain_icn_Menumarket_icn_SMSmobile-broadbandmain_icn_Mobilemain_icn_My_Vodafonenetwork-signal-hinetwork-thin main_icn_Network_signalmain_icn_Pausemain_icn_PAYGsocial-paypalmain_icn_Photospin_alertpin_manpin_warningplay-circle main_icn_Play_circlemain_icn_Play_arrowmain_icn_Add_or_Plus0_rating5_ratingrating-filled ratingmain_icn_Ratingsrefresh main_icn_Bill_or_Reportmain_icn_Reportsmain_icn_Roamingmain_icn_Searchmain_icn_Securityshareshoppingmarket_icn_SIM_Swapmain_icn_Social_Twitterspeech-bubble main_icn_Studenttail [Converted]technology test_app main_icn_Texttick-bordered tick-simple main_icn_Tick_simplemain_icn_Top_upmain_icn_TVtwitter-thin main_icn_Social_Twitterusersmain_icn_Viewedmarket_icn_Vodafone_storeWarning_0.1warningweightwindow market_icn_Multinationalyoutube-thin social-youtube