Close this search box.
Close this search box.

How Organizations Can Bridge the Cybersecurity Skills Gap

While all organizations are having difficulty finding cybersecurity talent, small and medium-sized enterprises are in a particularly bad position, as they cannot afford the high salaries that qualified cybersecurity specialists command.

How serious is the cybersecurity skills gap? The cybersecurity unemployment rate is zero, with over 1 million jobs currently unfilled, a number that is expected to climb to 3.5 million by 2021. One in four respondents to a survey by ISACA’s Cybersecurity Nexus (CSX) reported that it takes their companies six months or longer to “fill priority cybersecurity and information security positions, yet KPMG’s 2017 U.S. CEO Outlook survey found that only 40% of American CEOs feel that their organizations are fully prepared to handle a cyber attack.”

While all organizations are having difficulty finding talent, small and medium-sized enterprises are in a particularly bad position, as they cannot afford the extraordinarily high salaries that qualified cybersecurity specialists command or design and implement zero-based training pipelines to “build their own” talent.

Enterprise networks at risk
The cyber skills gap coincides with a dramatic and ongoing escalation in the frequency, intensity and cost of cyber attacks. Thirty-two percent of organizations reported being victims of cyber crime in 2016, and 72% of CISOs predicted that their companies would be attacked within the next year. The average data breach in the U.S. costs $362 million, or $141 per record, the highest in the world.

As the cyber ecosystem grows more intricate, cyber criminals have more possible attack vectors—and enterprises have more areas to defend, including a growing number of connected devices, cloud computing solutions, and shadow IT applications. Regardless of size or industry vertical, it’s not a question of ‘if’ any given enterprise will be attacked, but ‘when’.

“technology is only as good as
the humans deploying it.”

The crisis has attracted the attention of federal and local governments. The mayor of New York City recently announced a $30 million initiative to fund cybersecurity training, academic research and development labs with the goal of making the city “the cybersecurity capital of the world.” The Cyber Scholarship Opportunities Act, which is currently moving through the U.S. Senate, would expand the National Science Foundation’s CyberCorps: Scholarship-for-Service program, which funds cybersecurity education for college students who commit to government service after they graduate.

Skilled workers is what’s needed, not “magic technology, to bridge the gap
The New York initiative and the Senate bill are steps in the right direction, but both will take years to produce results, and organizations need help right now.

Although there is much talk of utilizing artificial intelligence and machine learning technologies to make up for a lack of security personnel, there is no such thing as “magic technology” that will take the place of human judgement; any technology is only as good as the humans who are deploying it. Cybersecurity is a human-centric field that requires boots on the ground to man network monitoring stations, detect and evaluate anomalies, and respond to cyber incidents. Security professionals also are needed to ensure compliance with applicable data security standards and train other employees on cybersecurity best practices to prevent them from falling prey to phishing and other social engineering schemes.

This leaves two other options for immediate relief:

  • Outsource some or all cybersecurity and compliance functions to a managed security services provider (MSSP)
  • Develop new talent in-house

Outsourcing cybersecurity and compliance to an MSSP offers numerous benefits, including significant cost savings versus having in-house staff, the ability to access a level of expertise that a company may not have in-house, and allowing internal staff to focus on projects that are directly related to the company’s core competency. However, outsourcing is not the right choice for every organization, and many companies need at least some security personnel on their own payroll.

This leaves job training programs, whether in the form of in-house academies, on-the-job-training, paid internship or apprenticeship programs, or some combination of these. Many organizations are eager to train their own talent but have no idea where to begin. CompTIA’s IT Ready program, an eight-week education, training and career placement program that prepares students to pass the CompTIA A+ certification exam, is one example of a highly successful job-training model within the tech industry. You can visit this site to know more about it.

Among the best practices that IT Ready follows are: It is zero-based. Applicants are not required to have any existing IT skills; they are instead selected based on interest, attitude and work ethic.

In addition to reading traditional academic study materials that expand their breadth and depth of knowledge, students are given hands-on experience working with modern and relevant technology while being monitored and mentored by certified IT professionals.
CompTIA works closely with employers to align skills training with actual workforce needs; students are trained on the exact technologies they will be using in job situations.
In addition to hard skills, students are trained on important soft skills such as punctuality, time management, collaboration and teamwork.

As successful as the IT Ready framework has been, it does not currently offer cybersecurity-specific training tracks. The traditional pipeline for candidates moving into cybersecurity has been from computer networking. However, many experts feel that cybersecurity can be a standalone area of expertise, filled by personnel with diverse backgrounds and experience levels.

To address the needs of companies that do not have the in-house resources to set up and run their own job training program, CompTIA is collaborating with its partners to develop programs specifically aimed at addressing the cybersecurity skills shortage. These “cyber academies” will be similar to IT Ready, but instead of training students to sit for the A+ exam, the goal is get real world cybersecurity experience while pursuing a CompTIA Security+ certification.

Some employers may be leery of implementing in-house training, fearing that apprentice cybersecurity workers may wash out or, once trained, be poached by competitors. However, these same risks exist when hiring applicants off the street, and keeping security job openings unfilled for weeks, months or even years is even riskier. How many cyber attacks will your company suffer while waiting for the perfect applicant to walk through the door?


  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events


    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)


    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.