Most Recent Blogs

Cybersecurity Skills Shortage: Profound Impact on Security Analytics and Operations

Posted: July 24, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, SIEM, CISO, network security analytics, network security operations

skills-shortage.jpgI’ve written a lot about the cybersecurity skills shortage over the past 5 years. For example, ESG research indicates that 45% of organizations claim to have a problematic shortage of cybersecurity skills. 

Read More

The Rise of Enterprise-class Cybersecurity Vendors

Posted: May 09, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, ERP

enterprise_cybersecurity.jpgWhen I’m asked to explain what’s happening with enterprise cybersecurity technology, I often use an analogy from the business software market in the 1990s. 

Back then, application vendors tended to specialize in one area – PeopleSoft owned HR, Baan offered manufacturing apps, JD Edwards played in finance, etc. Around 1995, companies began replacing these departmental applications with enterprise-class ERP solutions from Oracle and SAP. The objective? Centralize all business data into a common repository that could anchor the business and be updated and used for various departmental functions and business processes in real-time. Yes, the ERP journey was a bit painful but the transition resulted in a steady increase in business productivity, enhanced efficiency, and better decision making.

Read More

Enterprise Security Technology Consolidation

Posted: April 27, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, SOAPA

L465891421.jpgook around the cybersecurity infrastructure at any enterprise organization and here’s what you’ll see – dozens and dozens of cybersecurity tools from just as many vendors. 

Now this situation wasn’t planned, it just happened. Over the past 15 years, bad guys developed new cyber-weapons to exploit IT vulnerabilities. Large organizations reacted to these new threats by purchasing and deploying new security controls and monitoring systems. This pattern continued over time, leading to today’s patchwork of security point tools. 

So, what’s the problem? Point tools aren’t really designed to talk with one another, leaving human beings to bridge the communications, intelligence, and technology gaps between them. Furthermore, each individual tool requires training, deployment, configuration, and ongoing operational support. More tools, more needs.

Read More

Cybersecurity Skills Shortage Threatens the Mid-market

Posted: April 21, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, CISO, NIST, ISSA

skills-training.jpgESG conducts an annual global survey of IT and cybersecurity professionals, and this year’s survey included 641 global respondents. Each year, these respondents are asked to identify the area where their organizations have a problematic shortage of skills.  or the sixth year in a row, cybersecurity skills topped the list—this year, 45% of respondents say that their organization has a problematic shortage of cybersecurity skills. 

Read More

Cybersecurity Skills Shortage Holding Steady

Posted: March 07, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, CISO, ISSA

skills-shortage.jpgThe cybersecurity skills shortage is nothing new—I’ve been writing about it for years, as have other analysts and researchers.  I’ve also done countless presentations on this topic. Here’s a video where I’m interviewed on the cybersecurity skills shortage at the RSA Conference a few years ago. I also presented on this topic at the RSA Conference that same year. 

Read More

IT Experience Can Be Beneficial for a Cybersecurity Career

Posted: March 01, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, ISSA

training.jpgGiven my interest in cybersecurity skills and training, I’m contacted by academic institutions, professional organizations, and training companies with news about some type of cybersecurity education curriculum. This isn’t surprising given the global shortage of cybersecurity skills. New ESG research discloses that 45% of organizations report a problematic shortage of cybersecurity skills in 2017.

Clearly we need more smart and well-prepared people to enter the cybersecurity ranks but it’s important to note that most cybersecurity professionals don’t enter the workforce directly from college or training programs. According to research conducted in 2016 by ESG and the Information Systems Security Association (ISSA), 78% of cybersecurity professionals follow a more indirect route. These folks start their careers as IT professionals and make their way into cybersecurity as their careers progress. (Note:  The two ESG/ISSA research reports are available for free download here).

Read More

High Demand Cybersecurity Skills in 2017

Posted: December 20, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, CISO, cloud security, application security, security analyst, security engineer, penetration testing

business-people.jpgAs I’ve written many times, the cybersecurity skills shortage is the biggest cybersecurity issue we face today. Not only are there too few bodies to fill the cybersecurity jobs, but a recent series of research reports from ESG and the Information Systems Security Association (ISSA) indicates that many currently employed cybersecurity professionals are overworked, not managing their careers proactively, and not receiving the proper amount of training to stay ahead of increasingly dangerous threats. Yikes!

Read More

New Research Reveals Cybersecurity Skills Shortage Impact

Posted: December 16, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, NICE, NIST, ISSA

skills-shortage.jpgWhen it comes to the cybersecurity skills shortage, I am somewhat of a “Chicken Little” as I’ve been screaming about this issue for the last 5 years or so. As an example, ESG research conducted in early 2016 indicated that 46% of organizations said that they have a problematic shortage of cybersecurity skills.

Read More

Which Job-related Factors Alienate Cybersecurity Pros?

Posted: November 21, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, CISO, ISSA

overwhelmed.jpgWhen it comes to cybersecurity jobs, it is truly a seller’s market. According to ESG research published early this year, 46% of organizations report a problematic shortage of cybersecurity skills. Additionally, a more recent research report from ESG and the Information Systems Security Association (ISSA) indicates that 46% of cybersecurity professionals are solicited by recruiters to consider another job at least once each week!

The data indicates that there aren’t enough cybersecurity professionals around and those that are employed are in high demand. This puts a lot of pressure on CISOs and human resources people to make sure to keep their existing cybersecurity staff happy so they don’t walk out the door when they are barraged by headhunters’ calls. 

Read More

The Scary State of the Cybersecurity Profession

Posted: November 09, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, ISSA

worried.jpgMost discussions about cybersecurity tend to go right to technology, and these days usually start with the words “next-generation” as in next-generation firewalls, IPS, endpoint security etc. I get it since innovative technology is sexy, but it’s important to realize that skilled cybersecurity professionals anchor cybersecurity best practices. We depend on actual people to configure controls, sort through data minutiae to detect problems, and remediate issues in a timely manner.

Since these folks protect all our digital assets daily, it’s only natural that we’d be curious as to how they are doing. To measure these feelings, ESG teamed up with the Information Systems Security Association (ISSA) and conducted a survey of 437 global cybersecurity professionals. This project resulted in a recently published research report

Read More

Posts by Topic

see all