I\u2019ve written countless times about the cybersecurity skills shortage but here\u2019s a quick summary of a few ESG research data points that illustrate the scope of this problem: 1. 25% of mid-market (i.e. 100 to 999 employees) and enterprise (i.e. more than 1,000 employees) report a \u201cproblematic shortage\u201d of IT security skills. 2. 36% of organizations increasing IT headcount this year plan to hire information security staff. Of all the IT headcount being added in 2013, hiring information security professionals is the highest of priority. 3. 83% of enterprise organizations say that it is \u201cextremely difficult\u201d or \u201csomewhat difficult\u201d to recruit and hire information security specialists. Those organizations having the hardest time include companies in rural areas, mid-market firms, and vertical industries like academia, and the public sector. I remain amazed and incredulous that the cybersecurity skills shortage gets so little attention but a few others are also screaming from the hilltops to get governments, the security industry, and educators to pay attention. For example, IBM recognizes that a dearth of cybersecurity skills presents a threat to its customers, its security business, and its services organization. Let\u2019s face it; no one will build \u201csmarter planet\u201d applications if there aren\u2019t a whole bunch of highly-skilled security professionals to keep them safe. IBM isn\u2019t just assuming the role of Chicken Little and yelling about how the cybersecurity skills sky is falling. Rather, the folks in Armonk are actually trying to do something about it. For example, IBM just published a paper called, Cybersecurity Education for the Next Generation (http:\/\/public.dhe.ibm.com\/common\/ssi\/ecm\/en\/ede12345usen\/EDE12345USEN.PDF). The paper provides a high-level overview of the current state of cybersecurity skills and education and then suggests a few changes. For example, IBM suggests that cybersecurity programs must become: \u2022 More comprehensive. Yes, firewall rules and AV signatures are important, but the next-generation of cybersecurity leaders need to be able to understand cybersecurity as it relates to the business, legal system, and society. This means that cybersecurity education has to branch out from the Computer Science department alone. \u2022 More cooperative. Cybersecurity protection doesn\u2019t work when the CISO and team are not part of business, IT, and application planning. That said, many groups view the security team in an adversarial way. The next-generation of cybersecurity leaders must be able to break down legacy walls and become business facilitators rather than business impediments. \u2022 Book smart and street smart. We need cybersecurity people who understand what works in theory and practice. A degree or certification alone isn\u2019t enough. Think of this document as a starting point for future discussion. Given IBM\u2019s size and resources, I hope it pushes this agenda further with leading academic institutions. The cybersecurity skills shortage will not solve itself so ignoring the problem is equivalent to \u201csecurity by obscurity.\u201d Since we all know how ineffective this strategy is, I hope that others follow IBM\u2019s lead and take this issues more seriously. Like it or not, we all have skin in this game.