Where are the cybersecurity experts?

There’s no way to sugarcoat it; the shortage of cyber security professionals is at an all-time high just as attacks are also reaching record levels.

By various estimates, there will be a global shortage of between four and six million security pros between now and 2020. The Peninsula Press project of the Stanford University Journalism Program determined that more than 209,000 cybersecurity jobs in the U.S. were unfilled, with vacancies up 74% over the past five years. A recent Enterprise Strategy Group survey found that 46% of organizations say they have a “problematic shortage” of cybersecurity skills.

There are no magic wands to make this problem go away, but there are steps you can take to lessen the severity and plan for the future.

Take care of the basics

While specialized technical skills are scarce and expensive, the most pervasive security problems require neither extensive training nor even much technical knowledge. Lackadaisical password practices are the number one security threat most organizations face. One study found that just 20 passwords make up more than 10% of all passwords in use. Another said up to 45% of people can be tricked by well-constructed phishing attacks.

The good news is that education can bring both of these numbers down dramatically. Security training firm KnowBe4 reports that the number of employees who click on rogue links in phishing emails drops from nearly 16% to 1.2% with training.

Grow your own

Rather than spending months at the thankless task of trying to recruit high-priced security talent, you might be better served by building your own. Ambitious IT staff members will leap at the opportunity to add valuable skills to their resumes, and few skills are more valuable than this one right now.

Also, consult with local colleges and universities. Many are now trying to build their own cybersecurity programs, and they’ll be open to internship opportunities you can provide. By the time those interns are ready to graduate, they’re natural candidates for full-time employment.


Few companies keep their software patched and up-to-date. In fact, Cisco researchers recently scanned more than 100,000 Internet-connected devices and found that each, on average, had 28 known vulnerabilities whose average age was 5.64 years.

Patching is a pain, particularly with old and brittle systems, but the vast majority of successful hacks target unpatched computers. If you think in terms of continually modernizing your systems, you can avoid much of the hassle. Modernization means looking at every significant upgrade or technology deployment as an opportunity to bring related components up to date.

Look to new tech solutions

Help may also be on the way in the form of automation. New solutions are emerging that use machine learning to automate the tedious process of scanning logs and looking for false alerts. Keep your eyes open for developments in this area, because Big Data may ultimately be the best ally we have in solving the security skills shortage.

Countless cybersecurity reports are published every year, and they all boil down to the same basic set of recommendations: educate, patch, identify, isolate and contain. These fundamentals won’t stop a determined attacker, but they will protect you from the vast majority of day-to-day threats.

Paul Gillin writes, speaks and trains marketers and corporate executives to think like publishers. Gillin specializes in social media for B2B companies. He is a veteran technology journalist with more than 25 years of editorial leadership experience. All opinions expressed are his own. AT&T has sponsored this blog post.

Copyright © 2016 IDG Communications, Inc.