Acute Cybersecurity Skills Shortage Areas

In my last blog, I reviewed some new research from ESG and the Information Systems Security Association (ISSA), revealing that 70% of cybersecurity pros say that the global cybersecurity skills shortage has impacted their organizations. Based upon this and other similar research, I’m convinced that the cybersecurity skills shortage represents an existential risk to our data, businesses, and national security.

Topics: Cybersecurity security analytics security operations cloud security application security ISSA security investigations

New Research Confirms the Cybersecurity Skills Shortage Is an Existential Threat

I’ve been writing about the cybersecurity skills shortage for 7 years, clucking like a digital "chicken little" to anyone who would listen. If you’ve followed my blogs, you probably know that ESG research from early 2017 indicated that 45% of organizations said they have a problematic shortage of cybersecurity skills. This data represents large and small organizations across all geographic regions so the cybersecurity skills shortage can be considered a pervasive global issue.

Topics: Cybersecurity cybersecurity skills shortage ISSA

What’s Holding Back Enterprise Security Technology Transformation?

Last week, I wrote a blog about the rapid cycle of innovation happening with security technologies today – I’ve never experienced a time when every element of the security stack is transforming.

New security technologies are arriving at an opportune time. According to ESG research, 69% have increased their cybersecurity budgets in 2017 and my guess is that they will continue to increase investment in 2018. And when asked which BUSINESS initiatives will drive the most IT spending, 39% of organizations responded, “increasing cybersecurity protection.” This means that business executives are buying into the need for cybersecurity improvements all around. 

Topics: Network Security Cybersecurity SIEM CISO cloud security ISSA

What is an Enterprise-class Cybersecurity Vendor?

On Monday of this week, I posted a blog about enterprise-class cybersecurity vendors. Which vendors are considered enterprise-class? According to recent ESG research, Cisco, IBM, Symantec, and McAfee top the list. 

This blog addressed the “who” question but not the “what.” In other words, just what is an enterprise-class cybersecurity vendor anyway? As part of its research survey, ESG asked 176 cybersecurity and IT professionals to identify the most important characteristics of an enterprise-class cybersecurity vendor. The data reveals that:

  • 35% of survey respondents say the most important attribute for an enterprise-class cybersecurity vendor is cybersecurity expertise specific to their organization’s industry. In other words, enterprise-class cybersecurity vendors need more than horizontal security solutions, they need to understand explicit industry business processes, regulations, organizational dynamics, global footprints, etc.
Topics: Information Security IBM Cybersecurity Cisco McAfee Symantec CISO NIST ISSA

Cybersecurity Analytics and Operations Skills Shortage

If you’ve followed my writing, you know that I passionately broadcast issues related to the global cybersecurity skills shortage. Allow me to report some sad news: Things aren’t improving at all. In 2016, 46% of organizations reported a problematic shortage of cybersecurity skills. In 2017, the research is statistically the same as last year; 45% of organizations say they have a problematic shortage of cybersecurity skills.

Topics: Cybersecurity SIEM CISO security analytics mssp security operations ISSA SOC

Cybersecurity Skills Shortage Impact on Technology Innovation

I continue to research and write about the ongoing global cybersecurity skills shortage. For example, ESG research indicates that 45% of organizations report a problematic shortage of cybersecurity skills today, more than any other area within IT.

Want more?  Here are a few tidbits from last year’s research project done in conjunction with the Information Systems Security Association (ISSA). In a survey of 437 cybersecurity professionals and ISSA members:

Topics: Network Security Cybersecurity ISSA SOAPA security operations and analytic platform

Cybersecurity Skills Shortage Threatens the Mid-market

ESG conducts an annual global survey of IT and cybersecurity professionals, and this year’s survey included 641 global respondents. Each year, these respondents are asked to identify the area where their organizations have a problematic shortage of skills.  or the sixth year in a row, cybersecurity skills topped the list—this year, 45% of respondents say that their organization has a problematic shortage of cybersecurity skills. 

Topics: Cybersecurity cybersecurity skills shortage CISO NIST ISSA

People, Process, and Technology Challenges with Security Operations

These days, it’s tough for any organization to keep up with cybersecurity operations. Why? Well the bad guys are pretty persistent for starters, launching a blitzkrieg of attacks and new types of exploits all the time. 

Okay, hackers are relentless but we’ve always known this and their behavior isn’t likely to change anytime soon. What’s really disturbing, however, is that a lot of problems associated with cybersecurity are based upon our own intransigence. And organizations aren’t struggling with one issue, rather, cybersecurity operations challenges tend to be spread across people, processes and technology. When it comes to security operations, it’s kind of a ‘death by a thousand cuts’ situation. 

Topics: Cybersecurity SIEM network security operations ISSA SOAPA SOC

Cybersecurity Skills Shortage Holding Steady

The cybersecurity skills shortage is nothing new—I’ve been writing about it for years, as have other analysts and researchers.  I’ve also done countless presentations on this topic. Here’s a video where I’m interviewed on the cybersecurity skills shortage at the RSA Conference a few years ago. I also presented on this topic at the RSA Conference that same year. 

Topics: Cybersecurity cybersecurity skills shortage CISO ISSA

IT Experience Can Be Beneficial for a Cybersecurity Career

Given my interest in cybersecurity skills and training, I’m contacted by academic institutions, professional organizations, and training companies with news about some type of cybersecurity education curriculum. This isn’t surprising given the global shortage of cybersecurity skills. New ESG research discloses that 45% of organizations report a problematic shortage of cybersecurity skills in 2017.

Clearly we need more smart and well-prepared people to enter the cybersecurity ranks but it’s important to note that most cybersecurity professionals don’t enter the workforce directly from college or training programs. According to research conducted in 2016 by ESG and the Information Systems Security Association (ISSA), 78% of cybersecurity professionals follow a more indirect route. These folks start their careers as IT professionals and make their way into cybersecurity as their careers progress. (Note:  The two ESG/ISSA research reports are available for free download here).

Topics: Cybersecurity cybersecurity skills shortage ISSA