Organizations Still Struggle to Hire & Retain Infosec Employees: Report

  /     /     /  
Publicated : 23/11/2024   Category : security


Organizations Still Struggle to Hire & Retain Infosec Employees: Report


Security leaders are challenged to fill application security and cloud computing jobs in particular, survey data shows.



BLACK HAT USA 2021 — Las Vegas — Is the cybersecurity skills shortage overstated? No, according to a recent survey of Information Systems Security Association (ISSA) members. The majority of respondents report the skills shortage is a significant problem that is hurting organizations. 
ISSA, along with industry analyst firm Enterprise Strategy Group (ESG), surveyed 489 cybersecurity professionals and found 57% of organizations have been affected by the skills shortage. Most (95% of) respondents think the cybersecurity skills shortage and its associated effects have not improved over the past few years, and 44% say the problem has gotten worse. Only 5% say the shortage has improved.
We are just not making progress, said ESG Analyst Jon Oltsik, who co-presented the data with Candy Alexander, Board President of ISSA International, in a session at this weeks Black Hat conference titled The Life and Times of the Cybersecurity Professional. 
Security teams are feeling pinched because of the skills shortage, the top ramifications of which include an increasing workload for cybersecurity teams (62%), unfilled open job requisitions (38%), and high burnout among staff (38%).
Data shows the top 3 skills areas where a shortage is most acute are cloud computing security (39%), security analysis and investigations (30%), and application security (30%).
Application security is an area that has been underinvested in for years, said Oltsik. But in an era of cloud native applications, development automation, of DevOps, its become even more important.
Alexander noted that the cultural tension between DevOps and security continues because of a lack of skilled help in application security.
God bless the developers, she said. This has been a fight weve been trying to break through in the ISSA. Were really trying to have a common understanding and language of how can we partner to be better at developing secure applications.
What actions can security leaders take to address the security skill shortage? Respondents were asked what they could do. Their top answers included increasing the commitment to cybersecurity training (39%), increasing compensation (37%), and providing incentives (35%).
To maintain and advance their skillsets, many security professionals need to participate in 40 hours of training each year. Nearly a quarter (21%) of those surveyed did not meet 40 hours of training per year. The main reason, as cited by 48% of respondents, is because their jobs do not pay for 40 hours of training per year and they cant afford it by themselves.
Professionals are crying out for more training, said Oltsik. Training is beneficial. It will decrease risk at your organization, so this is really important.
The full report can be found
here
.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Organizations Still Struggle to Hire & Retain Infosec Employees: Report