Everyone is busy writing their cybersecurity predictions for 2018, and while I haven’t published my list yet, here’s an easy call – the cybersecurity skills shortage will continue to be an existential threat in 2018.
As a review, here are a few data points that lead me to this conclusion:
- 45% of organizations claim to have a problematic shortage of cybersecurity skills in 2017. By the way, 46% of organizations claimed to have a problematic shortage of cybersecurity skills in 2016, so things are not improving.
- According to a recent survey of cybersecurity professionals conducted by ESG and the Information Systems Security Association (ISSA), 70% of organizations say that they’ve been impacted by the global cybersecurity skills shortage. The ramifications of the skills shortage include increasing workloads for the security staff, the need to hire and train junior personnel, and cybersecurity staff spending most of their time on emergencies.
- As a function of the skills shortage, 49% of cybersecurity professionals are solicited to consider another cybersecurity job at least once per week.
Given the cybersecurity skills shortage and cutthroat recruiting going on, CISOs should do everything they can to make sure that current cybersecurity staff members remain happy and productive. This begs an obvious question: What type of work environment is most appealing to infosec pros?
To find out, ESG and ISSA asked 343 cybersecurity professionals to identify the biggest factors determining job satisfaction. Here are the top responses:
- 42% say that they want to work for an organization offering competitive or leading financial compensation. This stands to reason due to the high demand for talent. Needless to say, it will be difficult, if not impossible, to get cybersecurity pros on the cheap.
- 38% say that they want to work for an organization that provides support and financial incentives enabling cybersecurity staff members to advance their careers. In other words, they want training perks, career counseling, and an organization willing to invest in their futures.
- 37% say that they want to work for an organization where business management has a strong commitment to cybersecurity. This means leadership from the corner (i.e., CEO’s) office, line-of-business buy-in, and a culture that values and exudes cybersecurity.
- 34% say that they want to work for an organization that provides the ability to work with a highly skilled and talented staff. This includes mentoring programs for junior employees and strong collaboration for more senior staffers.
Based upon this list, even the best-and-brightest CISO will not be able to create a world-class cybersecurity organization on his or her own. It will take a holistic “village” driven by executive management, supported by HR, embraced by IT, and directed by hands-on and caring cybersecurity leaders.
For more, here’s a link to the entire ESG/ISSA report, which is available for free download. Your feedback is welcome!