We have all seen the news articles and studies covering the “skills gap” or “talent gap” in cybersecurity. This gap is a known issue that has been present for years as qualified candidates become more scarce as demand grows. By 2022, an estimated 1.8 million cybersecurity jobs will go unfilled, according to ISC2. To compound that, the U.S. Bureau of Labor Statistics predicts the number of jobs in the security space to increase 18 percent from 2014 to 2024.

Today, eSentire released a new white paper that explores the skills shortage topic from a different angle. We looked at how organizations feel about the skills shortage and what they are doing to address it, and compared that with what the skills shortage looks like from the cybersecurity professionals’ perspective. Through research, we asked these professionals for their take on the skills shortage, what organizations can do to alleviate it and what motivates them.

The research shows that both organizations and their cybersecurity employees know some of the significant steps they can take to alleviate the skills shortage. However, the actions of the organizations are not following suit, perpetuating the problem and potentially causing the good employees they have to move on.

Thirty-two percent of organizations say it takes more than six months to fill cybersecurity positions at their organization, according to ISACA’s 2019 State of Cybersecurity survey. In 2018, 451 Research asked organizations facing a skills shortage what they could do to address the skills gap. Sixty-two percent responded that they could address the skills gap by training existing staff to learn new skills. In June 2019, eSentire teamed up with 451 Research and we asked what organizations were doing to address the skills gap. Fifty-eight percent were trying to hire additional staff. Only half were retraining existing staff. Not much has changed.

When we asked cybersecurity professionals what organizations could do to attract and retain talent better, their answers surprisingly matched exactly what organizations know they need to do, but are not executing.  Of the polled cybersecurity professionals, 63 percent believe that ongoing education and certification programs are the answer. We also saw a correlation between high job satisfaction and happiness with the ongoing education options offered by employers. The cybersecurity professionals surveyed want continuing education. Over 48 percent agree that their skill set is falling behind due to the ever-changing demands of cybersecurity and 34.2 percent of respondents believe that learning new skills is the greatest motivator in achieving job satisfaction.

The white paper offers answers to a range of questions, including:

  • Is the skills shortage as bad as it is being reported?
  • What do cybersecurity professionals think about the widely reported skills gap?
  • Is outsourcing cybersecurity functions the only answer for organizations?
  • Do cybersecurity professionals feel that their skill set matches with their job position?
  • What role can recruiters play in alleviating the skills shortage?

The paper concludes by presenting actions that organizations need to focus on in order to keep top performing cybersecurity professionals from job-hopping away in their quest for job satisfaction.

To learn more about eSentire’s Managed Detection and Response (MDR) capabilities and service offerings, visit here.

To read "The Self-Fulfilling Prophecy of the Cybersecurity Skills Shortage" white paper, visit here.

About the research

This report draws from a 451 Research study commissioned by eSentire in June 2019, a survey conducted in July 2019 by eSentire of 300 North America IT security professional and reputable independent research and industry sources including the U.S. Bureau of Labor Statistics and ISACA.

jennyd
Jenny Dowd
Senior Product Marketing Manager

See the latest blog posts

Articles and reports written by eSentire staff and our Threat Intelligence Research Group.

Ready to get started?
We're here to help.

Get Started
Reach out to schedule a meeting and learn more about our Managed Detection and Response, Risk Advisory and Managed Prevention capabilities.