
Addressing the cybersecurity skills crisis




The third annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) has pinpointed the top five roles needed to address the cybersecurity skills crisis.

Top five roles in addressing the cybersecurity skills crisis

Business Leaders

23% of respondents say business managers don’t understand and/or support an appropriate level of cybersecurity. Job satisfaction and employee retention depend largely upon business leadership’s commitment to cybersecurity, in addition to career incentives and competitive compensation. The number one recommended action is adding cybersecurity goals and metrics for IT and business managers.


CISOs need to be more active with business executives. They want a seat at the board table. CISO success depends upon characteristics like communication skills, leadership skills, a strong relationship with business executives and a strong relationship with the CIO and IT leadership team.


While 93% of survey respondents agree that cybersecurity professionals must keep up with their skills, 66% claim that cybersecurity job demands often preclude them from skills development. This imbalance must be addressed. Additionally, 57% of respondents say security certifications such as CISSP are far more useful in getting a job than doing a job. Prioritise practical skills development over certifications.

HR and Recruiters

41% of survey respondents say that their organisation has had to recruit and train junior personnel rather than hire more experienced infosec professionals. Designing their own training program will develop future talent and loyalty. Casting a wider net beyond IT and finding transferable business skills and cross career transitions will help expand the pool of talent.

Educators and Trainers

KSA development is most effective with face-to-face interaction, such as attending specific cybersecurity training courses, participating in professional organisations and events, attending trade shows and participating in on-the-job mentoring programs.

“Based upon the results of this year’s and past research projects, it is safe to conclude that cybersecurity progress has been marginal at best over the last three years. ESG and ISSA agree with security researcher, author and ISSA Hall of Fame recipient Bruce Schneier’s quote, ‘We may be making some cybersecurity improvements but we are getting worse faster.’ This issue should be of concern to technologists, business executives and private citizens and continues to cause an existential threat to national security,” said Jon Oltsik, Senior Principal Analyst and Fellow at the Enterprise Strategy Group (ESG) and the author of the report.

Download the report: 2018 ESG ISSA Survey Results
