Anyone in IT who hasn't been living under a server rack has heard for years now about the struggles that cybersecurity teams face in hiring and retaining talented security professionals. The data almost universally shows that this security skills gap holds back teams from effectively meeting the challenge posed by increasing threats barraging their infrastructure.
The trouble is that instead of taking matters into their own hands and training up their staff to fill the gap within their organizations, most businesses throw their hands up in defeat. A new study out by cybersecurity training firm Cybrary shows that while 65% of IT and security managers agree that the security skills gap has a negative impact on their team's effectiveness, fewer than half of security staffers say their employers equip them with the resources they need to develop their skills.
First of all, many organizations fall down in communicating and assessing the skills expectations of their IT and security staffers with regard to cybersecurity skills. Some 46% of security staffers say that their organization doesn't know the skills required for them to be effective in their roles, and 38% say their organizations don't clearly communicate the skills they expect team members to have in their job. More than twice as many organizations rely on performance reviews from managers over more objective skill-based assessments or certification practice tests to judge technical security skills.
While individual employees are incentivized to continue on their learning path for the sake of their individual career prospects—79% said they spend time at least once a week developing new job-related skills—most of them must do that outside of work hours on tehir own dime. The biggest barrier for staffers to developing their new skills was cost, cited by 32.7%. That was followed closely by the number two barrier, lack of time, which was cited by 27.5% of security pros. Over two in five respondents reported that these major barriers have had major to severe impact on their ability to make skill development a priority.
Tellingly, the study showed that while organizations lament the security skills gap, the majority do not invest accordingly. Some 16% of respondents report they don't have any training budget at all. Another 43% say their organization's budget for training has decreased over the past year. Clearly, enterprise organizations are still trying to hire their way out of the skills gap rather than taking the reins in their own hands to develop their team.
“The industry is overdue for a wake-up call to address the IT and Security skills gap and talent shortage, especially as we enter a new era of remote work,” said Ron Gula, founder of Gula Tech Adventures and Cybrary Board Member. “This vision for attracting and retaining talent can only be fulfilled if organizations continuously invest in their employee’s career and skills development.
An award-winning writer, Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. Chickowski’s perspectives on business and technology have also appeared in dozens of trade and consumer magazines, including Consumers Digest, Entrepreneur, Network Computing and InformationWeek.View all posts
Don’t miss out on exclusive content and exciting announcements!