The Cybersecurity Skills Shortage Acts as A Root Cause for Security Events

ESG recently published a new research report titled, The Life and Times of Cybersecurity Professionals, with its research partner, the Information Systems Security Association (ISSA). 

The research looks closely at the ramifications of the cybersecurity skills shortage – beyond the obvious conclusion that there are more cybersecurity jobs than people with the right skills and background to fill these jobs.

Topics: Cybersecurity cybersecurity skills shortage incident response ISSA

New Research Confirms the Cybersecurity Skills Shortage Is an Existential Threat

I’ve been writing about the cybersecurity skills shortage for 7 years, clucking like a digital "chicken little" to anyone who would listen. If you’ve followed my blogs, you probably know that ESG research from early 2017 indicated that 45% of organizations said they have a problematic shortage of cybersecurity skills. This data represents large and small organizations across all geographic regions so the cybersecurity skills shortage can be considered a pervasive global issue.

Topics: Cybersecurity cybersecurity skills shortage ISSA

Cybersecurity Skills Shortage: Profound Impact on Security Analytics and Operations

I’ve written a lot about the cybersecurity skills shortage over the past 5 years. For example, ESG research indicates that 45% of organizations claim to have a problematic shortage of cybersecurity skills. 

Topics: Cybersecurity cybersecurity skills shortage SIEM CISO network security analytics network security operations

The Rise of Enterprise-class Cybersecurity Vendors

When I’m asked to explain what’s happening with enterprise cybersecurity technology, I often use an analogy from the business software market in the 1990s. 

Back then, application vendors tended to specialize in one area – PeopleSoft owned HR, Baan offered manufacturing apps, JD Edwards played in finance, etc. Around 1995, companies began replacing these departmental applications with enterprise-class ERP solutions from Oracle and SAP. The objective? Centralize all business data into a common repository that could anchor the business and be updated and used for various departmental functions and business processes in real-time. Yes, the ERP journey was a bit painful but the transition resulted in a steady increase in business productivity, enhanced efficiency, and better decision making.

Topics: Cybersecurity cybersecurity skills shortage ERP

Enterprise Security Technology Consolidation

Look around the cybersecurity infrastructure at any enterprise organization and here’s what you’ll see – dozens and dozens of cybersecurity tools from just as many vendors. 

Now this situation wasn’t planned, it just happened. Over the past 15 years, bad guys developed new cyber-weapons to exploit IT vulnerabilities. Large organizations reacted to these new threats by purchasing and deploying new security controls and monitoring systems. This pattern continued over time, leading to today’s patchwork of security point tools. 

So, what’s the problem? Point tools aren’t really designed to talk with one another, leaving human beings to bridge the communications, intelligence, and technology gaps between them. Furthermore, each individual tool requires training, deployment, configuration, and ongoing operational support. More tools, more needs.

Topics: Cybersecurity cybersecurity skills shortage SOAPA

Cybersecurity Skills Shortage Threatens the Mid-market

ESG conducts an annual global survey of IT and cybersecurity professionals, and this year’s survey included 641 global respondents. Each year, these respondents are asked to identify the area where their organizations have a problematic shortage of skills.  or the sixth year in a row, cybersecurity skills topped the list—this year, 45% of respondents say that their organization has a problematic shortage of cybersecurity skills. 

Topics: Cybersecurity cybersecurity skills shortage CISO NIST ISSA

Cybersecurity Skills Shortage Holding Steady

The cybersecurity skills shortage is nothing new—I’ve been writing about it for years, as have other analysts and researchers.  I’ve also done countless presentations on this topic. Here’s a video where I’m interviewed on the cybersecurity skills shortage at the RSA Conference a few years ago. I also presented on this topic at the RSA Conference that same year. 

Topics: Cybersecurity cybersecurity skills shortage CISO ISSA

IT Experience Can Be Beneficial for a Cybersecurity Career

Given my interest in cybersecurity skills and training, I’m contacted by academic institutions, professional organizations, and training companies with news about some type of cybersecurity education curriculum. This isn’t surprising given the global shortage of cybersecurity skills. New ESG research discloses that 45% of organizations report a problematic shortage of cybersecurity skills in 2017.

Clearly we need more smart and well-prepared people to enter the cybersecurity ranks but it’s important to note that most cybersecurity professionals don’t enter the workforce directly from college or training programs. According to research conducted in 2016 by ESG and the Information Systems Security Association (ISSA), 78% of cybersecurity professionals follow a more indirect route. These folks start their careers as IT professionals and make their way into cybersecurity as their careers progress. (Note:  The two ESG/ISSA research reports are available for free download here).

Topics: Cybersecurity cybersecurity skills shortage ISSA

High Demand Cybersecurity Skills in 2017

As I’ve written many times, the cybersecurity skills shortage is the biggest cybersecurity issue we face today. Not only are there too few bodies to fill the cybersecurity jobs, but a recent series of research reports from ESG and the Information Systems Security Association (ISSA) indicates that many currently employed cybersecurity professionals are overworked, not managing their careers proactively, and not receiving the proper amount of training to stay ahead of increasingly dangerous threats. Yikes!

Topics: Cybersecurity cybersecurity skills shortage CISO cloud security application security security analyst security engineer penetration testing

New Research Reveals Cybersecurity Skills Shortage Impact

When it comes to the cybersecurity skills shortage, I am somewhat of a “Chicken Little” as I’ve been screaming about this issue for the last 5 years or so. As an example, ESG research conducted in early 2016 indicated that 46% of organizations said that they have a problematic shortage of cybersecurity skills.

Topics: Cybersecurity cybersecurity skills shortage NICE NIST ISSA