Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ColumnsCybersecuritySecurity Talk ColumnCybersecurity News

Cultivating Your Next Cybersecurity Team

By Diane Ritchey
Cultivate Your Next Cybersecurity Team Security Magazine November 2017
November 1, 2017

Cybersecurity talent investment has gone through the roof in recent years: Universities are announcing cybersecurity degrees programs, Facebook is open sourcing its Capture the Flag competition platform that teaches developers about cybersecurity, Cisco has launched a $10 million scholarship to tackle the cybersecurity talent shortage and more.

Yet, it’s still not enough.

Because by 2022, the global cybersecurity workforce will be short by around 1.8 million people, according to the Global Information Security Workforce Study (GISWS) by The Center for Cyber Safety and Education and facilitated by Frost & Sullivan.

“We are clearly still going in the wrong direction,” notes Wesley Simpson, COO at (ISC)², which released its own report that notes that IT staffers are dramatically underutilized and potentially untapped cybersecurity resources for many organizations struggling with their information security workload. (ISC)² is an international, nonprofit membership association for information executives, with 125,000 members in 170 countries.

More than 3,300 IT professionals participated in the (ISC)² study, which found that almost 50 percent of IT organizations don’t provide adequate resources for IT security training and professional development, and that their ability to defend against cyberattacks has declined in the past year. Although IT professionals are on the frontlines implementing cybersecurity strategies, only 35 percent agreed their security suggestions are followed, while 28 percent said they are asked for advice, but it falls on deaf ears.

The GISWS study echoes that as well: its research found that 87 percent of cybersecurity workers started their careers doing something different, which is a problem for the 94 percent of hiring managers who indicated they were looking for staff with existing experience in the field. So, leadership may not fully understand job requirements, according to the GISWS report.

Considering the evolving nature of the threat landscape, hiring people with all the requisite experience and knowledge is a challenging prospect. Even experienced security pros need constant refreshers because the threat landscape changes rapidly with 400,000 new malware samples released daily. Security knowledge can get stale without continuing education.

“We are not staffing this shortage, we are staying the same; even worsening,” Simpson says. “We don’t have a big army coming over the hill to save us all. So maybe we need to educate the staff that we have and go to battle with that team, instead of looking for a new team.”

Wesley advocates the importance of training and investing in the employees you currently have, for your next cybersecurity team. “We can’t be afraid to look within our own organizations,” Simpson argues. “Because that talent exists.”

How do you begin? “Start with your own IT department,” Simpson says. “IT staff known the day to day security functions, the technology, the business, the processes, the infrastructure and where your data is. Many IT professionals have been doing that their entire career. Just because they don’t have a cyber title doesn’t mean they don’t possess those skills.”

How do you train? “Each enterprise will be different, but the bottom line is that it needs to continually invest in their staff. Send them to training to get the certifications they need. And the biggest thing that we are not seeing is having a conversation with the board and the C-Suite to get the cybersecurity budget added to the P&L,” Simpson notes. “That is not a common practice, so the money is just not there. Every organization needs to be a security company and that mindset needs to be embedded into the enterprise.”

Simpson also likes to dispel the notion that a STEM education or degree is needed for a cyber career. “Cybersecurity is an incredibly diverse career field, and it needs legal, accounting, analysts and businessminded folks who have to mine through data and present it in a logical fashion that is suitable for a board and C-suite audience. And you don’t necessarily need STEM to do that.”

Overall, says Simpson, a long-term investment in cybersecurity training and education is lacking in enterprises, but is certainly advisable if enterprises want to properly protect themselves.

KEYWORDS: cyber security careers cyber security education security talent gap security training

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Diane 2016 200

Diane Ritchey was former Editor, Communications and Content for Security magazine beginning in 2009. She has an experienced background in publishing, public relations, content creation and management, internal and external communications. Within her role at Security, Ritchey organized and executed the annual Security 500 conference, researched and wrote exclusive cover stories, managed social media, and authored the monthly Security Talk column.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Cybersecurity
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Education & Training
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Colorful laptop

Organizations Think They Know Who’s Visiting Their Sites. They Don’t.

Glasses in front of coding on screen

5 Ways Quantum and AI Will Rewrite the Rules of Cyberattacks

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Insider Tips for Building Your Cybersecurity Team

    Insider Tips for Building Your Cybersecurity Team

    See More
  • The 'People' Part of Enterprise Cybersecurity Strategies

    Stop the Abuse! (Of Your Cybersecurity Team)

    See More
  • hiring_recruiting-freepik1170.jpg

    Four steps to build and retain a solid cybersecurity team during a labor shortage

    See More

Related Products

See More Products
  • 1119490936.jpg

    Solving Cyber Risk: Protecting Your Company and Society

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing