Growing CyberSecurity Skills Gap Worries Security Professionals; Highlights Challenges for Staffing

A recent survey on security staff confirms what we all know – IT is growing even more worried that these professionals are so hard to find, hire and keep.  But the survey, commissioned by Tripwire, also found the shortage is prompting companies to their methods for how to protect against cyberattacks. 

Tags: cyberattacks, security, survey, threat detection, Tripwire,

It is becoming increasingly difficult for organizations to hire skilled security staff to defend against today’s complex cyberattacks, according to a study commissioned this summer and recently published by Tripwire, a provider of threat detection and monitoring solutions.


Conducted this summer by Dimensional Research, the study examined how organizations are addressing a growing cybersecurity skills gap.


Among the key findings, an amazing 93 percent of security professionals “are concerned about the cybersecurity skills gap,” according to Tim Erlin, vice president of product management and strategy at Tripwire.  This ‘gap’ is having real impact on the workplace, as the study also found “72 percent [of respondents] believe it is more difficult to hire skilled security staff to defend against today’s complex cyberattacks, compared to two years ago.”


The study also identified some reasons why.


The vast majority of respondents (81 percent), said those skills required to be a great security professional have changed in the past few years.


In a recent post on the company’s blog, “The State of Security”, Erlin commented on this growing impact of how the nature of protecting against security threats has changed the nature of skills required:

It’s evident that security teams are evolving and maturing with the rest of the cybersecurity industry, but the pool of skilled staff and training simply aren’t keeping up.

For example, beyond their technical duties, security practitioners may now be expected to spend more time in boardrooms or in the CFO’s office to secure more budget. While the makeup of the cybersecurity workforce may be changing, the fundamentals of protecting an organization have not.

Finding professionals with high cybersecurity skills is creating challenges, and even forcing some companies to make difficult decisions, according to the survey.  One big trend is that cybersecurity is becoming a much more pronounced team effort, the study found.


“Security teams shouldn’t overburden themselves by trying to do everything on their own,” Erlin added. “They can partner with trusted vendors for managed services or subscribe to service plans where outside experts can act as an extension of the team.”


Security is a shared responsibility across different functions, concluded Erin. “People from other parts of the business should be involved in the cybersecurity program. And, of course, automation can add value not only in reducing manual work, but also in ensuring that everything is up-to-date and working as it should in real time. Security teams may just need to work more creatively.”


In fact, the study found companies are developing several strategies: to keep the skills gap at bay in the future. Among the findings:

  • 98% expect other functions like non-security teams to be more involved in cybersecurity moving forward.
  • 96% percent believe that automation will play a role in solving the skills gap in the future.
  • 91% plan to supplement their team by outsourcing for skills.
  • 88% believe managed services would add value to solving the skills gap problem.

But even with a growing focus on expanding the team makeup of fighting security threats, companies also know they have to take other strategies to step up their access to cybersecurity expertise.  On that score, half of respondents (50 percent) said they plan to invest more heavily in training their existing staff to help with the looming skills shortage, the study found.

Meanwhile, as that extra training takes time to have an effect, “20 percent of organizations have hired people with expertise not specific to security over the past two years, and another 17 percent plan to do the same in the next two years,” Erlin added.  


Respondents to the Tripwire / Dimensional Research survey included 315 IT security professionals at U.S.-based companies with more than 100 employees.