Cutting Through Endpoint Security Marketing Hype is a Challenge for Buyers and Vendors Alike

Endpoint security is a fast-paced, dynamic market right now. The amount of funding, M&A, and general product development is moving at what can feel like a blurring speed, and separating the facts from the marketing language can be a challenge.

For a thought experiment, imagine for a moment you are a CIO/CISO/equivalent in charge of the security budget.  You are a little behind, maybe updating from an AV-only environment to a more advanced endpoint solution. How do you go about selecting a vendor? How do you begin quantifying your organizational needs? 

Topics: Information Security endpoint endpoint security IT buyers IT Spending Intentions skills shortage IT purchasing IT skills security spending

Cybersecurity Skills Haves and Have Nots

I’ve written a lot lately about the cybersecurity skills shortage. For example, 25% of organizations claim that they have a problematic shortage of IT security skills. On an industry basis, 36% of government agencies say they have a problematic shortage of IT security skills, followed by 29% of manufacturing companies, and 28% of financial services firms.

ESG often builds a segmentation model as part of its research projects to further analyze survey data. The segmentation model divides the total survey population into 3 distinct groups: Advanced organizations (i.e., those with the most cybersecurity resources and strong security policies and processes), progressing organizations (i.e., those with marginal cybersecurity resources and adequate security policies and processes), and basic organizations (i.e., those with fair/poor cybersecurity resources and inadequate security policies and processes). Typically, advanced organizations make up around 20% of the survey population, progressing organizations represent around 60% of the survey population, and basic organizations account for the remaining 20%.

Topics: Cybersecurity Information and Risk Management Security and Privacy Security Enterprise SANS skills shortage ISC2 NICE CISO NIST