Security analysts: Industry has not solved the talent gap or provided clear career paths

  • Technology
  • Security analysts: Industry has not solved the talent gap or provided clear career paths

New survey finds that cybersecurity professionals want more training to keep up with the threat landscape and learn new software platforms.

Cybersecurity professionals want more guidance about how to build a career in the field, according to a new survey.

Image: ESG

A small study found that many cybersecurity professionals are only somewhat confident in their CISOs and never get enough training time, but they like their jobs, mostly.

Enterprise Strategic Group (ESG) and the International Systems Security Association (ISSA) released its fourth annual cooperative research report The Life and Times of Cybersecurity Professionals 2020. The groups also conducted a second survey to understand the impact of COVID-19 on cybersecurity.
Jon Oltsik, a senior principal analyst and fellow at ESG, analyzed the survey results with answers from 327 professionals. The results showed that:

  • 68% of respondents said they don’t have a well-defined career path
  • 65% said their companies don’t provide enough training
  • 45% believe the cybersecurity skills shortage has gotten worse over the past few years
  • 29% said they’ve experienced significant personal issues due to job stress or they know someone who has

Oltsik said that the industry has not found the answer to the talent gap. 

“This is a people-centric practice and we’re still behind,” he said. 

At the same time, 77% said they are happy overall as a cybersecurity professional. 

SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)

The workplace impact of the skills shortage include: 

  • An increasing workload for existing analysts
  • Unfilled open job requisitions
  • An inability to learn or use cybersecurity technologies to their full potential 

Oltsik said companies are not providing enough time for professional development.

“We need to keep up with training but at the same time we are too busy to keep up with training,” he said.

Oltsik said that companies that get it right have strong mentoring programs and allocate time for continuous training on a regular basis. Investing time and money in training results in better security and better morale which can lower the attrition rate. “This means changing work schedules and paying people overtime to cover for other people in training,” he said.

Oltsik said mentoring programs have to be formal and mentors should be measured on the success of their mentees. 

Another effect of scrimping on training is making the ROI on security tools harder to realize. Among survey respondents who said that they didn’t have enough training time, 38% said this includes learning how to use security software. 

“Companies are spending money on expensive tools but not giving people enough time to figure out how to use them correctly,” he said.

Among the respondents who have a CISO at their company, 47% said the executive was somewhat effective with 42% grading the leader as very effective.

Respondents listed communication and leadership skills as the two most important skills for a CISO.

Oltsik said that CISOs are often hampered by corporate leaders who don’t take cybersecurity as seriously as they should.

Limited confidence in cybersecurity defenses

In this year’s survey, the two organizations asked respondents to grade how well individual companies and the industry as a whole is doing to keep up with cybersecurity challenges. From the government to schools to private companies, no one got a good rating. Sixty-four percent of respondents believe their organization should be doing somewhat or a lot more to address cybersecurity challenges. This suggests a disconnect between business, IT, and security teams, or a lack of cybersecurity knowledge at the board level.

And 68% of respondents said that cybersecurity technology and service vendors should be doing somewhat or a lot more to address cybersecurity challenges. A majority of respondents also said that the cybersecurity community at large, government agencies, and public schools should all be doing more.

WFH boosts collaboration

One bright spot in the COVID-19 study was that respondents said working from home is improving collaboration among departments. Slightly more than one-third of organizations have experienced significant improvement in coordination between business, IT, and security executives as a result of COVID-19 issues.  Thirty-eight percent have seen marginal improvements, and 21% aren’t convinced but hold out hope for coordination improvement.

Oltsik said the survey found that security teams were mostly prepared to support completely remote teams but not for the scale and the urgency of the shift. 
“All these things became much more front and center: Policy management, remote user security, and insider attacks,” he said. 

Security analysts: Industry has not solved the talent gap or provided clear career paths

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays

Sign up today

Also see

Did you like this article? You can read it and many others @ Tech Republic!

From The S3 News Community

Check out posts from our own content writers


Here's the latest news

Exercise tracking, ECG and blood pressure monitoring, trip detection and sleep reports are just some of the tools to look for in the new Samsung Galaxy Watch3. The newest Samsung Galaxy smartwatch is loaded with health and fitness features. The...

Samsung Galaxy Watch3: 7 top health and fitness features

It was the middle of 2016, and Obamacare supporters were stuck.Nineteen states were refusing to participate in the health law’s Medicaid expansion, which provides health coverage to low-income Americans. States run by Democrats eagerly signed up for the program, lured...

Missouri Expands Medicaid, Using Progressives’ New Tactic: Ballot Initiatives

Matthew Stafford's wife Kelly posted a message on Instagram in which she called out the NFL. Kelly Stafford shared her family's struggles after her husband had a false positive test result for COVID-19. However, this news was announced after he was placed on...

Matthew Stafford's wife blames NFL after family was harassed over false COVID-19 test

Today, major streaming services offer the listeners’ demographics data to artists, which creates huge opportunities for artists on many fronts. It is an incredible opportunity to know where your audience lives, what age group they belong to, and who else...

4 Ways To Utilize Streaming Data To Market Your Music

We love these products, and we hope you do too. E! has affiliate relationships, so we may get a small share of the revenue from your purchases. Items are sold by the retailer, not E!. We promise: These accessories won't...

Celebrity-Approved Underwear to Show Off Your Best Assets
Load More
Share via
Copy link
Powered by Social Snap