Everyone is busy writing their cybersecurity predictions for 2018, and while I haven’t published my list yet, here’s an easy call — the cybersecurity skills shortage will continue to be an existential threat in 2018.
As a review, here are a few data points that lead me to this conclusion:
- Forty-five percent of organizations claim to have a problematic shortage of cybersecurity skills in 2017. By the way, 46 percent of organizations claimed to have a problematic shortage of cybersecurity skills in 2016, so things are not improving.
- According to a recent survey of cybersecurity professionals conducted by ESG and the information systems security association (ISSA), 70 percent of organizations say they’ve been impacted by the global cybersecurity skills shortage. The ramifications of the skills shortage include increasing workloads for the security staff, the need to hire and train junior personnel, and most of cybersecurity staff time spent on emergencies.
- As a function of the skills shortage, 49 percent of cybersecurity professionals are solicited to consider another cybersecurity job at least once per week.
Given the cybersecurity skills shortage and cut-throat recruiting going on, CISOs should do everything they can to make sure cybersecurity staff members remain happy and productive. This begs an obvious question: What type of work environment is most appealing to infosec professionals?
4 factors that determine cybersecurity professionals' job satisfaction
To find out, ESG and ISSA asked 343 cybersecurity professionals to identify the biggest factors determining job satisfaction. Here are the top responses:
- Competitive or leading financial compensation (42 percent). This stands to reason due to the high demand for talent. Needless to say, it will be difficult, if not impossible, to get cybersecurity pros on the cheap.
- Support and financial incentives that enable cybersecurity staff members to advance their careers (38 percent). In other words, they want training perks, career counseling, and an organization willing to invest in their futures.
- Strong commitment to cybersecurity by business managers (37 percent). This means leadership from the corner (i.e. CEO’s) office, line-of-business buy-in, and a culture that values and exudes cybersecurity.
- The ability to work with a highly skilled and talented staff (34 percent). This includes mentoring programs for junior employees and strong collaboration for more senior staffers.
Based upon this list, even the best-and-brightest CISO will not be able to create a world-class cybersecurity organization on his or her own. It will take a holistic “village” driven by executive management, supported by HR, embraced by IT, and directed by hands-on and caring cybersecurity leaders.
For more, here’s a link to the entire ESG/ISSA report, which is available for free download. Your feedback is welcome!