Critical problem remains under the radar of the industry

I frequently peruse information security news, and recently came across this article. The article highlights Symantec CEO Enrique Salem’s warning of a shortage of talented cybersecurity professionals in the United States. Furthermore, this shortage is especially pronounced where it may be needed most — law enforcement, intelligence agencies, and the Department of Defense.

I’ve been writing and researching this topic for the last few years, and the Symantec CEO is absolutely right. Bravo Enrique, and thanks for articulating this issue.

I don’t know why the growing security skills shortage isn’t getting more attention since it really impacts all of us. While the industry waxes poetic about cloud security and Bring Your Own Device (BYOD), we are neglecting a fundamental question: Who is going to perform security tasks in these areas if we don’t have the right skills in-house and can’t hire anyone who does?

Let me elaborate on the security skills shortage with some soon-to-be published ESG Research:

- 55% of enterprise organizations (i.e., more than 1,000 employees) plan to hire information security/cybersecurity professionals in 2012.
- 83% of enterprise organizations say it is “extremely difficult” or “somewhat difficult” to recruit/hire information security professionals.
- Specific skills where there is a “problematic shortage” of information security skills include cloud/server virtualization security (42% of organizations), endpoint/mobile device security (31% of organizations), network security (31% of organizations), data security (30% of organizations), and security analytics/forensics (30% of organizations).

A few take-aways:

- We have additional data suggesting that this skills shortage is creating a boom market in managed and professional security services.
- Skills shortages are especially prevalent in smaller companies, those in rural areas, and industries with lower IT salaries like government, education, and health care.
- Note that the skills shortage really impacts new technology initiatives like cloud and mobility.
- To overcome the skills shortage, new security technologies must include standard templates, reference architectures, and far more automation.

I’ve presented at a number of CISO events this spring and almost every security executive I meet violently agrees with the ESG data. Let’s hope more industry leaders recognize this and follow Enrique Salem’s lead. After all, it’s hard to sell products if there is no one around to buy them.