You’ve seen the high-level stats on the cybersecurity skills gap, but I’ll remind you of some of the main ones from the (ISC)2 Cybersecurity Workforce Study:
- In the United States, the cybersecurity workforce gap is nearly 500,000.
- The cybersecurity workforce needs to grow by 62% in order to meet the demands of U.S. businesses today.
- The global cybersecurity workforce gap is estimated at 4.07 million, so the global workforce needs to grow by an estimated 145%.
As the gap persists, Tripwire continues to keep a pulse on how the skills gap issue is actually being felt by the security experts who are responsible for defending their organizations from cyber attacks every day. Partnering again with Dimensional Research, we surveyed 342 security professionals on how they are experiencing the skills gap and how they intend to address the issue going forward.
Cybersecurity Teams Under Pressure
Spoiler alert: our survey revealed that cybersecurity teams are feeling the pressure heavily going into 2020. According to Tripwire’s study, 83% of security experts feel more overworked going into 2020 than they did at the beginning of 2019. That’s easy to understand considering that 82% said their teams were understaffed. And it’s not for a lack of trying; it’s harder to find experienced staff with the right expertise. A large majority (85%) also said that it’s become more difficult over the past few years to hire skilled security professionals.
Tripwire’s Cybersecurity Skills Gap Report 2020 page 3 Tim Erlin, vice president of product management and strategy at Tripwire, is well aware of these cybersecurity staffing difficulties for organizations.
It's getting harder and harder for organizations to fill open positions on their security teams. Larger organizations, which you might assume have more resources, are experiencing the skills gap issue even more acutely than smaller organizations. It's a challenge to hire the right skill sets – they keep changing along with security, which is always evolving. Nearly all of those we surveyed said the skills required to be a great security professional have changed over the past few years.
Dealing with stress as a cybersecurity practitioner
The responses indicating that security professionals feel overworked and understaffed is interesting to note when considering that more and more sessions on managing work stress and mental health have popped up on the agendas of cybersecurity conferences. In our survey, 93% expressed at least some interest in understanding wellness issues for the cybersecurity industry. Even so, only 19% said their companies provide resources for managing the stress associated with the specific issues of IT security. An additional 59% of organizations said they had work and stress resources in place but that they didn’t pertain to IT security specifically.
CISOs rolling up their sleeves
While the rise of the CISO has helped to elevate security professionals into top leadership roles at their companies, the survey findings suggest that there’s a need for CISOs to roll up their sleeves and stay involved in the day-to-day operations of the organization. Of the 85% of respondents that said they have CISOs in their organizations, 40% said that their CISOs are not involved enough in day-to-day operations, while 10% believed that their CISOs are actually too involved.
Tripwire’s Cybersecurity Skills Gap Report 2020 page 6 Erlin added: “CISOs should be focusing on high-level strategy, but because their teams are understaffed and have an overwhelming volume of work on their desks, they may have to get involved in daily operations if they aren’t already.”
How organizations plan to overcome the skills gap issue going forward
The survey results showed that these teams will be looking for some outside help to address the skills gap and strain on their teams. A large majority (85%) said managed services are a good option for addressing the security skills gap, and almost half (46%) are planning to use more managed services in 2020. In fact, 60% said they’ve already invested in managed services, and 85% said that they plan to invest in these services in the future. As another option, 85% agreed that security teams will need to hire more people without existing security expertise, with 15% indicating that they would be doing exactly that in 2020. Half (50%) said they would be investing heavily in training their existing staff.
Tripwire’s Cybersecurity Skills Gap Report 2020 page 7 Erlin added the following:
To solve the problems caused by skills gap issues, training and managed services are both good approaches. By partnering with providers, organizations can free themselves from operational work and gain insights that will help inform decisions. And because recruiting and training aren’t always possible, managed services provide businesses a way to augment their teams.
You can read the full report from the survey here. In addition, you can click here to learn more about how Tripwire can help your organization do more with less in light of the ongoing skills gap.
