Trustwave Blog

Why You Should Be Losing Sleep over the Security Skills Shortage

We've written a few times in this space about the seemingly ineradicable security skills shortage that exists in organizations worldwide. Bad news: The picture doesn't appear to be getting any rosier. The latest ominous headline comes from Burning Glass, a labor market analytics firm, which has documented a 74 percent spike in cybersecurity job postings from 2007 to 2013, double the rate of all IT jobs.

For a long time, many business leaders have viewed security as little more than a nuisance. This mentality, which still persists in some places, resulted in the limited cultivation and development of proficient security professionals. But over the past decade, massive breaches became commonplace, the cyber black market rapidly matured and professionalized, and the attack surface dramatically expanded as emerging technologies and network-connected devices entered the corporate mainstream.

Chief executive officers and other bosses have since perked up to the seriousness of the whole situation, but the demand for security talent has long surpassed the supply. Astonishingly, a reported one million security jobs are unfilled worldwide. Efforts by industry, government and academia to bolster education and training will help, but the road remains long and convoluted. The proverbial barn door is open, and the horse has bolted.

Coming off arguably the most prolific year in history for data compromises - and staring even more egregious attacks directly in the face - security groups can ill afford to be staffed with inexperienced, incompetent or strictly compliance-minded individuals. This goes not only for prevention and detection obligations, but also for the seemingly inevitable duty of incident response.

Meanwhile, in an attempt to repel their sly adversaries, organizations have unwittingly created an additional problem for themselves: They have purchased feature-rich security technologies they hope will stop modern-day threats like malware. But with features comes complexity, and many businesses have been unable to properly adopt or effectively deploy these solutions.

Our just-released 2015 Security Pressures Report, which polled more than 1,000 security decision-makers in the United States, U.K. and Canada, found that 84 percent of respondents want to see the size of their IT security team increased. And more than two-thirds feel pressure to adopt security technologies containing all of the latest features, but only 29 percent believe they have the proper resources on hand to use those purchases.

The Pressures Report offered a number of recommendations in its conclusion section, but one specifically spoke to the lack of skills and product complexity challenges facing organizations. It encouraged organizations to consider managed security service providers, which already are seeded with deep expertise and intelligence, and can scale their offerings to meet the demands of any size organization.

The final section of the report also noted the importance of organizations ingraining security into their culture. Entities that prioritize security and IT risk reduction from the top down are better situated to ensure the most qualified candidates for security roles are the ones who are hired - and once they are brought on board, they stay.

We encourage you to download the 2015 Security Pressures Report to see all of the pressure-related stats that may be hampering your job, in addition to the rest of our list of practical suggestions for alleviating these points of tension.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.