Is the IT Security Skills Shortage a Myth?

Is the IT Security Skills Shortage a Myth?

IT security managers contend with a variety of information security pain points in their organizations, such as user behavior, cloud security, phishing, and budget constraints. In addition to these issues, staffing information security ranks as one of the top pain points, according to a recent 451 Alliance survey.

In fact, nearly half of the survey respondents report that it is significantly difficult to hire security professionals. Retention is also a problem for most organizations, with 80% of respondents saying security staff is at least moderately difficult to retain.

The bell curve is broken

Questioning the security skills shortage

While organizations report difficulty recruiting and retaining security professionals, job seekers are feeling pain of their own.

At the recent 451 Alliance member webinar Information Security in 2019: Unsolved Problems in a Changing Landscape, an attendee observed that people are starting to question the security skills shortage because they know candidates who are having trouble trying to break into the industry.

What are the roadblocks?

If there is in fact an IT security skills shortage, then why do some candidates struggle to find work?

“Regional shortages, what area of the country you’re in, and what specifically you’re looking for” are variables affecting perceptions of an IT security skills shortage, according to presenter Daniel Kennedy, Research Director, Information Security. For instance, in regions with a nascent tech industry, demand for Infosec professionals may well outpace supply.

Global Trends in Managed IT Security Services
Global Trends in Managed IT Security Services
Download report >>

However, Kennedy added, “there is an entire second set of valid arguments that HR gateways in IT in general and security in particular aren’t working. They’re asking for entry-level positions, not mapping them to the market compensation for the region, and asking for skillsets that aren’t necessarily required for a role.”

For an organization “trying to hire an entry-level person with 15 years of experience and a master’s degree, there is an issue there.” In cases like this, the skills shortage has less to do with the labor force and more to do with sloppy hiring practices.

Kennedy also noted that some enterprises are recruiting security professionals who have the base skillsets they need and providing training for their specific requirements.

Do you have your finger on the pulse of tech trends? Join the 451 Alliance for exclusive research content on industry-wide IT advancements. Do I qualify?