Even as companies wrestle with finding cybersecurity talent, the skills needed for effective cybersecurity are evolving with the times. In Tripwire’s survey of 315 IT security professionals at companies with over 100 employees, 79% of respondents said they believe the need for technical skills among security staff has increased over the past two years.
More than 50% cited network monitoring, IT fundamentals and vulnerability management as the most important technical security skills needed on security teams.
In addition, almost half of the respondents (47%) were concerned about losing security capabilities altogether in the event of a skills gap. Of those, 52% were concerned about staying on top of vulnerabilities, 29% were concerned with keeping track of devices and software on the network, and 24% were concerned about identifying and responding to issues in a timely manner—as well as staying on top of emerging threats.
“Considering the recent high-profile threats that have been attributed to unpatched systems, it’s no wonder respondents are concerned that a technical skills gap could leave their organizations exposed to new vulnerabilities,” said Tim Erlin, vice president of product management and strategy at Tripwire. “I’m encouraged to see that respondents are prioritizing skills for foundational security controls, such as vulnerability management and network monitoring, when they’re hiring.”
Respondents were also asked how they expect their security team’s expertise to grow in the next few years; 88% expect the need for expertise in the cloud to increase, while 77% expect the need for expertise in the internet of things (IoT) to increase. Another 77% expect the need for expertise in DevOps to increase.
Looking outside their organizations, 97% said that technology vendors can help address the skills gap. A vast majority (91%) of respondents said specifically that they will outsource security skills to address the technical skills gap.
“Growing adoption of cloud, IoT and DevOps brings about new challenges that security teams will need to keep up with, and if organizations want to bridge a technical skills gap they should look to work with security vendors and managed security providers who can help them address today’s major attack types, while also offering training to their existing IT teams,” Erlin said. “As security continues to become an even bigger challenge for organizations we can expect to see more and more businesses outsourcing to gain security expertise in the future.”
Have you registered for Infosecurity North America taking place in Boston, 04-05 October 2017? For the full agenda, speaker list and more information, please visit https://www.infosecurity-magazine.com/conferences/infosecurity-north-america/