• United States



Contributing Writer

More On The Security Skills Shortage Issue

Jun 21, 20122 mins
CareersCisco SystemsCloud Computing

Critical problem remains under the radar of the industry

I frequently peruse information security news, and recently came across this article.  The article highlights Symantec CEO Enrique Salem’s warning of a shortage of talented cybersecurity professionals in the United States.  Furthermore, this shortage is especially pronounced where it may be needed most — law enforcement, intelligence agencies, and the Department of Defense.

I’ve been writing and researching this topic for the last few years, and the Symantec CEO is absolutely right.  Bravo Enrique, and thanks for articulating this issue.

I don’t know why the growing security skills shortage isn’t getting more attention since it really impacts all of us.  While the industry waxes poetically about cloud security and Bring Your Own Device (BYOD) we are neglecting a fundamental question:  Who is going to perform security tasks in these areas if we don’t have the right skills in-house and can’t hire anyone who does?

Let me elaborate on the security skills shortage with some soon-to-be published ESG Research:

  1. 55% of enterprise (i.e. more than 1,000 employees) plan to hire information security/cybersecurity professionals in 2012.
  2. 83% of enterprise organizations say it is “extremely difficult” or “somewhat difficult” to recruit/hire information security professionals.
  3. Specific skills where there is a “problematic shortage” of information security skills include cloud/server virtualization security (42% of organizations), endpoint/mobile device security (31% of organizations), network security (31% of organizations), data security (30% of organizations), and security analytics/forensics (30% of organizations).

A few take-aways:

  1. We have additional data suggesting that this skills shortage is creating a boom market in managed and professional security services.
  2. Skills shortages are especially prevalent in smaller companies, those in rural areas, and industries with lower IT salaries like government, education, and health care.
  3. Note that the skills shortage really impacts new technology initiatives like cloud and mobility.
  4. To overcome the skills shortage, new security technologies must include standard templates, reference architectures, and far more automation. 

I’ve presented at a number of CISO events this spring and almost every security executive I meet violently agrees with the ESG data.  Let’s hope more industry leaders recognize this and follow Enrique Salem’s lead.  After all, it’s hard to sell products if there is no one around to buy them.  . 

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author