Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Enterprise ServicesSecurity Leadership and ManagementCybersecurity News

The Cybersecurity Talent Gap = an Industry Crisis

By Dave Barton
cyber-attack
April 30, 2019

A war is raging for cybersecurity talent.

Both the government and the private sector are scrambling for talent. Thousands of information-security jobs are going unfilled as the industry in the U.S. struggles with a shortage of properly trained professionals. By one estimate, there will be 3.5 million unfilled cybersecurity jobs by 2021.

The talent problem is not new.  The problem has become highlighted in the last five to 10 years with the increase in cyberattacks. Not only have cyberattacks grown in frequency and intensity, but also cybersecurity has risen to become a board-level issue. After the Target 2013 attack, boards and executives realized cybersecurity was a business issue and some started putting more money behind it. The aftermath is that everyone is hiring, all at the same time.

I’ve witnessed these problems first-hand for years at nearly every company I’ve worked for, be they small, medium or large. Size doesn’t matter.

What has caused this rise in cyberattacks? I believe there are a few variables. The first being the “connectedness” of everything — cars, refrigerators, TVs, etc. Then there’s the monetary incentive for attacks – healthcare records, for example, sell for almost $150 per record. Add to that poor coding of products that leave them vulnerable to cyberattacks. Finally, the shortage of skilled and experienced security practitioners’ forces companies to use less skilled and experienced IT personnel to try and protect sensitive data and intellectual property.

Lack of Cybersecurity Talent is a Systemic Issue

The fundamental problem facing the skills gap, however, is there aren’t enough people coming into the field to begin with. In my view it starts and ends with education. Not enough interest is being generated at the middle-school and high school levels in STEM. This leads to less graduates in technical disciplines, and less graduates in PhD level technical disciplines. Cybersecurity should have been a Bachelor of Science degree 15 years ago. Today we’re seeing this in some universities, but it’s not enough.

These are all systemic issues needing systemic answers that could take years to resolve. Still, these shortage problems need to be addressed and they won’t be until we change how cybersecurity experts are hired, retained and educated.

So now, we’re faced with a set of problems:  

  1. Lack of qualified staff. Finding skilled security engineers takes way too long. One report says it takes up to six months to find security engineers. 
  2. Using under skilled practitioners. When companies can’t find qualified cybersecurity personnel, they’re forced to use their existing IT/Network teams. These teams generally don’t have a “security first” mindset – they have an “availability first” mindset. Uptime is usually prioritized over security. 
  3. Security tool sprawl. With the average enterprise using 45+ security-specific tools to protect data and intellectual property, understaffed security teams are forced to manage tool sets they don’t know or understand.

Real Challenges, Worrisome Implications

Cybersecurity talent is hard to recruit and retain for every company, but it’s tougher for some over others. Take one of our prospective clients. He’s located in a small town in the middle of the Southeast, and he’s really struggling to find talent. So, their small staff is very overworked.

The implications for business resilience are worrisome.

  1. Security positions are going unfilled for months. Unfilled positions lead to negative impact across the board: on productivity, customer service, security, innovation, speed to market and profitability.
  2. Tools are not being used effectively. Support teams (usually not security teams) are installing, managing and monitoring security tools without the background to make them effective. 
  3. Security oversight is lacking. Projects and products are being deployed without security oversight leading to potential risks for their companies.
  4. Falling behind in cybersecurity training. Companies say they are falling behind in providing an adequate level of cybersecurity training.

What’s more, the lack of skilled cybersecurity personnel is doing more than putting companies at risk; it’s affecting the job satisfaction of existing staff. This is a dangerous side effect that affects morale.

What will the Next Few Years Bring?

Cybersecurity is obviously a job sector of the future. That’s the good news. It’s also the bad news.

The main reason it’s a job of the future is because the security risks of a connected world keep expanding and evolving. Hackers and bad actors will continue to go after our data and intellectual property. Without the right people (skilled and experienced) and right tools, this problem will continue to grow. 

As you might imagine, we’re fighting the war for cybersecurity talent every day.

KEYWORDS: cyber talent gap cybercrime cybersecurity

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Dave barton
Dave Barton is Chief Information Security Officer, Stellar Cyber. With over 20 years of security experience, he has served as CISO across several industries including telecommunications, healthcare, software development, finance and government.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • automation_enews

    What We can Do to Bridge the Cyber Skills Gap

    See More
  • cybersecurity-talent-shortage-fp1170b47.jpg

    Why the cybersecurity talent gap exists and how to solve it

    See More
  • Lisa Tetrault security podcast

    Closing the cybersecurity talent gap

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing