By now you’re well aware of the widely-reported (ISC)² research that shows there is a global cybersecurity shortage of 2.93 million professionals. Identifying, recruiting and training skilled talent to adequately secure organizational data assets obviously remains a top priority in our industry.
Well, over the past few weeks, both Tripwire and IBM have published reports that focus on different layers of the problem and add to the conversation.
In its Cybersecurity Skills Gap Survey 2019, Tripwire found that 80% of IT security professionals believe it’s becoming more difficult to find skilled cybersecurity professionals. Not a surprising figure. The interesting wrinkle here? 93% of the respondents also indicated that the reason it’s so difficult is that the required skills have changed over the past few years, hinting at a need for retraining and continuous learning opportunities.
According to Tripwire’s CTO, David Meltzer, “security teams are in search of new skillsets to deal with evolving attacks and more complex attack surfaces as they include a mix of physical, virtual, cloud, DevOps and operational technology environments.”
This evolution of needed skills was one of the driving forces behind the creation of the recently-launched (ISC)² Professional Development Institute (PDI). PDI provides a growing portfolio of on-demand courses whose content reflects feedback from members and the cybersecurity community on burgeoning areas in which skills development will help them better secure their organizations.
The Tripwire report also found that with limited cybersecurity staffs, 68% of respondents are concerned with losing the ability to stay on top of vulnerabilities. According to IBM’s new report they are right to be concerned, as the 2019 IBM X-Force Threat Intelligence Index found that the average company had an estimated 1,440 cybersecurity vulnerabilities in its technology systems in 2018, up 4% from 1,380 the year before.
All of this points to not only the need for training and continuous learning opportunities for cybersecurity professionals to flesh out security department teams, but also opportunities for both MSSPs and new technologies such as artificial intelligence to support vulnerability monitoring and identification processes.
How is your organization tackling keeping cybersecurity staff up to speed on the latest attack surfaces, techniques and threats?