Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity NewsInfrastructure:Electric,Gas & Water

Stuck in the cybersecurity talent chasm? Here's how industrial organizations can climb out

By Duncan Greatwood
skills-freepik1170x658.jpg

Image via Freepik

November 10, 2022

Over the past decade, organizations have continued to contend with the cyber talent and skills shortage. This is especially prevalent for the industrial sector, where organizations face increased cyber risks as they accelerate digital transformation. With increased connectivity, attacks are skyrocketing: the Cybersecurity and Infrastructure Security Agency (CISA) reported ransomware incidents against 14 of the 16 U.S. critical infrastructure sectors in 2021.


More attacks mean more demand for cybersecurity experts — but the talent chasm is ever-widening. From 2013 to 2021, the number of unfilled cybersecurity roles grew from 1 million to 3.5 million. As such, many existing cyber teams may be inexperienced and overworked, further increasing the risks of data breaches, attacks, or other unintended consequences. The stakes are high: in critical infrastructure, a system shutdown could halt the operation of a power grid, gas pipeline, or pharmaceutical supply chain, resulting in damage not only to an organization’s bottom line but to everyday people.


Cybersecurity leaders are facing an uphill battle. They’re playing whac-a-mole with their security postures — attempting to simultaneously block attacks and ensure compliance with the latest federal regulations, such as those from CISA, National Institute of Standards and Technology (NIST), and the Transportation Security Administration (TSA) — likely with under-resourced teams behind them. But there is hope. By tapping into outside resources — including new technologies and experienced consultants — these organizations can secure their increasingly interconnected systems and remain nimble despite growing threats. 


The cyber skills gap: a one-two punch

The cybersecurity industry faces a variety of unique challenges when it comes to talent acquisition and retention. There are currently hundreds of thousands of unfilled positions, with many requiring certifications or degrees that few applicants have. And, of course, cybersecurity isn’t immune to the “great resignation” occurring across industries.


Despite these factors, companies are under renewed pressure to improve their security postures. As cyberattacks surge, the federal government has been busy releasing a number of updated security requirements for sectors across the board. The TSA, for instance, has issued multiple security directives for oil & gas pipeline operators, requiring new cyber protection plans, emphasizing proactivity and prevention to be submitted for approval. We’ll likely see a domino effect in additional critical industries; a July Office of Management and Budget (OMB) memo called for agencies to establish specific cybersecurity performance standards for their respective industries and to budget for federal review and assessments of those new plans.


Clearly, organizations are being held to new, challenging standards. This phenomenon has resulted in a one-two punch: not only are they fending off cyberattacks from sophisticated actors and attempting to reach compliance, but they are also grappling with unprecedented hiring and retention struggles. In trying to do both perfectly, neither goal ends up getting met, leaving infrastructure vulnerable to attacks and positions still unfilled. 


The way forward 

To adequately address the skills gap and its impact on cybersecurity posture, organizations should take a two-pronged approach consisting of organizational shifts and the use of external resources. 


First, leaders must adjust their idea of what an internal cybersecurity team looks like. Rather than requiring that each employee come armed with advanced degrees, certificates, and detailed knowledge of all facets of cybersecurity, leaders should instead leverage technology to supplement employees with less industry expertise. This can look like automating administrative tasks with identity and user management for local and remote access, eliminating custom configurations for elements such as internal firewalls or jump boxes, or adding multiple layers of MFA to automatically secure different levels of access.


Furthermore, technology can also help secure operations in case of human error and plug any existing gaps; automated solutions providing workflow-based session recording and shadowing options can avoid common human mistakes with change management processes like doer and checker for cyber-physical systems. An effective policy-based automated solution will not only help with human error avoidance but will also assist in meeting the regulatory compliance requirements by recording the changes happening on critical cyber-physical systems for future reference.


Second, teams can leverage external resources to plug the gaps, particularly when facing a new iteration of federal security requirements. To boost a smaller or newer cybersecurity team, companies can partner with experienced consultant teams to guide cyber-hardening and federal compliance processes. Independent expertise can be particularly helpful when integrating modern security approaches, such as zero trust, into existing strategies. Ultimately, the right partner can identify the right projects to prioritize, reduce the time it takes to reach goals, and help implement the best easy-to-own technologies to meet customer needs. Additionally, with the right cybersecurity underpinnings, remote access to operational environments can be fully implemented, increasing the productivity of personnel who no longer have to travel to individual sites for their work.


Cybersecurity’s inflection point 

As cyberattacks multiply in frequency and the government mandates new and better security postures, it’s no longer sufficient for organizations to hope for the best from small and potentially inexperienced teams. But if they can adapt via technology innovation, organizational shifts and use of external resources, they’ll set themselves up for long-term success.

KEYWORDS: cyber security cyberattacks cybersecurity skills gap information security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Duncan greatwood headshot

Duncan Greatwood is CEO of Xage, a zero trust security company. Most recently, he was an executive at Apple, helping to lead a number of Apple's search-technology projects and products, having previously served as CEO of social media search and analytics leader, Topsy Labs (acquired by Apple in 2013). Prior to this, he was founder and CEO of PostPath Inc. (acquired by Cisco in 2008), and held roles in engineering, product marketing, corporate development, and sales at Virata and Madge Networks. Duncan holds a B.A. (Mathematics) and M.Sc. (Computer Science) from Oxford University and an M.B.A. from London Business School.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cybersecurity-talent-shortage-fp1170b47.jpg

    Why the cybersecurity talent gap exists and how to solve it

    See More
  • convergence freepik

    When product security and cybersecurity converge: A CSO’s perspective on how security organizations can thrive

    See More
  • 5 Minutes With Logo Steve Riley

    How organizations can focus cybersecurity investments

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing