CISOs who can reduce or close their critical skills gaps have the highest probability of minimizing the business impact of cyberattacks – even when budgets and staffing are constrained, says a new SANS Institute survey, "Closing the Critical Skills Gap for Modern and Effective Security Operations Centers (SOCs).

The survey covered staff changes in 2019, qualitative responses on what skills security managers see a need for, which needs they plan on staffing internally and where they plan on using external service providers.

Other than at very small businesses and in the government vertical, the survey found that turnover and attrition rates for cybersecurity staff is at or below industry averages. Even so, security managers indicated they tend to fall back on attrition as the reason for requesting staff increases, which reflects a lack of meaningful cybersecurity metrics being employed at many organizations, the survey found.

Security operational skills were cited as most needed by survey respondents, and cloud security skills were more sought after than network or endpoint security skills. While the most successful source for new cybersecurity employees was the company's existing internal IT staff, hiring managers indicated they would most like to see new hires with hands-on experience using common cybersecurity products – open-source tools, in particular.

"This skills gap survey once again pointed out that despite all the headlines about a cybersecurity headcount shortage, it is really a skills gap – security people with hands-on experience with the top security tools and how to use them across hybrid cloud/on-premises systems are being hired for the skills, not just to add bodies," says John Pescatore, survey author and SANS Director of Emerging Security Trends. "By investing in training and tools skills as well as the maintenance of those skills, the increased productivity and reduced security staff attrition provides a huge return on investment."