Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity Education & Training

Addressing the Cybersecurity Skills Shortage Through Upskilling and Retention

By Maria Henriquez
cybersecurity900px
December 3, 2019

For years, security leaders have been talking about the cybersecurity skills shortage. In 2014, a RAND Corporation study found that the nationwide shortage of cybersecurity professionals – particularly for positions within the federal government – created risks for national and homeland security. “It's largely a supply-and-demand problem," said Martin Libicki, lead author of the study and senior management scientist at RAND. "As cyber attacks have increased and there is increased awareness of vulnerabilities, there is more demand for the professionals who can stop such attacks. But educating, recruiting, training and hiring these cybersecurity professionals takes time," said Libicki.

The demand for cybersecurity professionals began to overtake supply in 2007, largely due to increased reports of large-scale hacking and other advanced persistent threats, said Libicki. Since 2014, the demand has only grown and more organizations (74 percent) continue to be impacted by the skills shortage. To close the gap, (ISC)² estimates that 4.07 million cybersecurity professionals are needed, or an additional 145 percent. Currently, there are only 2.8 million professionals.

The security industry, says Pieter Danhieux, Secure Code Warrior CEO and Co-Founder, needs to recognize there is a need for a strong security culture, where developers are empowered to learn to code securely. This, he contends, can turn the security skills shortage into an opportunity. 

 

Addressing the Cybersecurity Skills Gap

“Globally, we are producing an enormous amount of code to fulfill our insatiable appetite for rapid digitization and innovation. Approximately 111 billion lines of code are created each year, and this is only set to grow. More code means more vulnerabilities, and the industry is struggling to meet the demand for cybersecurity expertise,” Danhieux says.

Leaders must approach the issue differently, he says. “With attackers only needing small opportunities to orchestrate a damaging data breach, coding securely must be considered a top priority. The “skills shortage” battle is unwinnable if we are only looking towards highly trained, expensive application security (AppSec) specialists to deal with security problems. There will never be enough, so we must look at the issue from many different perspectives.”

To turn the security skills shortage into an opportunity, he says, leaders within organizations and universities should start empowering developers to learn to code securely. “AppSec specialists are scarce and expensive. They should be focused on very complex security issues; however, the constant flagging of common vulnerabilities that have had a remedy for decades often bogs them down.”

These issues, Danhieux says, would not enter code in the first place if developers were security-aware and adequately trained to find and fix these common problems. Universities, for instance, “teach developers how to think and design code; however, security is briefly touched on,” which leads developers to introduce problems without their knowledge, says Matias Madou, Co-Founder of Secure Code Warrior.

“It is far cheaper, more efficient and safer to secure code from the start of the system development life cycle (SDLC), and that means turning developers in to the first line of defense,” notes Danhiuex.

For developers to write secure code, training that is more in-depth, engaging and relevant to developers’ day jobs must be implemented. “With the sheer amount of breaches happening every other day, it’s clear that most security training is inadequate at the developer level and they are not equipped with the tools, nor the knowledge, to be successful in coding securely,” he notes.

 

Upskilling and Retention Are Important. Here’s Why

Tertiary education for software engineers rarely includes in-depth security training, and most organizations do not adequately provide it either, says Danhieux.

“Security is not a priority in the busy world of a developer; they are tasked with delivering beautiful, functional features to strict deadlines,” he says. “Enterprises should seek to lighten the load on security experts by providing engaging, useful training that helps them catch vulnerabilities before code is committed. The right training “upskills” an average developer into a security-aware developer, and that is a positive for the individual and the organization. Building a great security culture with a focus on end-to-end awareness is critical.”

Enterprises should also rely on a Software as a Service (SaaS) platforms, such as Secure Code Warrior’s SaaS platform, that create a hands-on, interactive language and framework to engage their developer in their learning process. In turn, this will enable developers with the tools and modules they need to code securely.

Retention is also important, as well, says Danhieux. “Teams with high turnover often don’t get many opportunities to bond as one, collaborate effectively and work towards a common goal. Retention of great employees can help organizations stay agile and keep company culture in-check,” he says.
Danhieux notes that every team should understand they are valued for what they do, through positive reinforcement, feeling “looked after” through company activities and being part of an empathetic environment that is non-judgmental, supportive and flexible.

 

Competing With Better Salaries

In 2018, (ISC)² revealed that only 15 percent of cyber professionals were not looking to switch jobs, leaving 85 percent of the cybersecurity workforce open to new opportunities. Those valued cybersecurity professionals are contacted various times per month (34 percent) and others are contacted many times during a day (13 percent) by aggressive recruiters.

Often times, cybersecurity professionals find it hard to compete with better salary packages, which may contribute to why these professionals were looking to switch jobs. Danhieux contends that if organizations cannot compete on salary packages, they need to find other ways to add value. “Can you offer training that helps their career path, develop mentorship programs or the opportunity to learn new skills?” he says.
“Flexibility is also very important to many people. Remember: office visibility from nine-to-five does not guarantee productivity,” he notes. “Employ people you trust in the first place to deliver while working from home, or working around personal appointments. At Secure Code Warrior, we also have an “Infant-At-Work” policy that assists new parents in returning to work sooner without the expense of childcare.”

Finally, it is important to note that salaries might not be deal breakers for many cybersecurity professionals. (ISC)² found that cyber professionals want to work where:

  1. Their opinions are taken seriously.
  2. Where they can protect people and their personally identifiable information and data.
  3. An employer adheres to a strong code of ethics.

In addition, implementing clearly defined ownership of cybersecurity responsibilities, viewing cybersecurity as more broadly than just technology and providing training opportunities can help retain valued employees.

Overall, organizations should always make it a priority to “let people be themselves and enable their best work,” Danhieux says.

KEYWORDS: cyber security cybersecurity cybersecurity careers cybersecurity education & training security career workforce workforce gap

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Agricultural harvesting equipment

    Addressing the wider cyber skills gap through the agriculture industry

    See More
  • cybersecurity staff.jpg

    Addressing the cybersecurity staff shortage

    See More
  • employee training

    How employee upskilling can ease the cyber talent shortage

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing