As the cyber-threat landscape continues to evolve, so do the skills needed to meet the changing challenges. According to a recent survey, 81% of security professionals believe that the requirements to be a great security professional have changed, with many turning to staff without specific cyber-training.
The survey, sponsored by Tripwire, found that 93% of security professionals are concerned about the cybersecurity skills gap, and 72% believe it is more difficult to hire skilled security staff to defend against today’s complex cyberattacks compared to two years ago. Significantly, one-fifth (20%) of respondents said their organizations had hired people with expertise not specific to security over the past two years, and another 17% stated they plan to do the same in the next two years. Additionally, half plan to invest more heavily in training their existing staff to help with the looming skills shortage.
“It’s evident that security teams are evolving and maturing with the rest of the cybersecurity industry, but the pool of skilled staff and training simply aren’t keeping up,” said Tim Erlin, vice president of product management and strategy at Tripwire. “For example, beyond their technical duties, security practitioners may now be expected to spend more time in boardrooms or in the CFO’s office to secure more budget. While the makeup of the cybersecurity workforce may be changing, the fundamentals of protecting an organization have not. It will be critical during this transition to ensure there’s a long-term strategy in place around maintaining their foundational security controls.”
Out of the study respondents, which included 315 IT security professionals at U.S.-based companies with more than 100 employees, 91% said they plan to supplement their team by outsourcing for skills. Another 88% believe managed services would add value to solving the skills gap problem; and 98% expect other functions like non-security teams to be more involved in cybersecurity moving forward.
Further, 96% believe that automation will play a role in solving the skills gap in the future.
“The skills gap doesn’t have to be an operational gap,” Erlin added. “Security teams shouldn’t overburden themselves by trying to do everything on their own. They can partner with trusted vendors for managed services or subscribe to service plans where outside experts can act as an extension of the team. Organizations should also understand that security is a shared responsibility across different functions, so people from other parts of the business should be involved in the cybersecurity program. And, of course, automation can add value not only in reducing manual work, but also in ensuring that everything is up-to-date and working as it should in real time. Security teams may just need to work more creatively.”
Have you registered for Infosecurity North America taking place in Boston, 04-05 October 2017? For the full agenda, speaker list and more information, please visit https://www.infosecurity-magazine.com/conferences/infosecurity-north-america/