August 27

How to fix the looming shortage of skilled security professionals

Faced with a perceived shortage of skilled talent, it’s time change the approach, distribute the workload, and get people to pitch in so we can focus on the valuable security work that demands our attention

At the Black Hat USA Conference in July, Tripwire surveyed 167 attendees to find out the one thing they would change to improve security:

  •  44% would increase the number of highly skilled security professionals
  •  32% would increase their budget
  •  24% wished for executive buy-in to security goals and objectives (note the wording)

The desire for additional professionals matches other reports and claims for the last few years. It seems like the largest challenge to the industry and companies working to improve their security posture is a stunning lack of competent professionals able to do the work.

Be kind, for everyone you meet is fighting a hard battle. — John Watson

When in the trenches, overwhelmed, and burning out, the mountain looks insurmountable. The majority of the teams I work with start early, end late, and put time in on weekends. Most days are spent reacting and bouncing between meetings.

With that daily experience, the conclusion seeking more people seems reasonable. If only we had more skilled professionals, more budget, or more buy-in, everything would be okay.

Would it?

We don’t need more security professionals. We need to distribute the workload, shifting responsibility to others to free up resources to tackle new challenges. Ultimately, those new solutions get pushed out to others, too, in a natural, healthy cycle. Adopting an approach like this means the security team can prioritize and focus on more challenging (and interesting) issues, increasing the value provided to the organization.

Read my suggestions at: How to fix the looming shortage of skilled security professionals


Computer Security, Human Resource Management, Improve Security, Professionals, Security Professionals, Security Team, Security Work

You may also like

Are you using frameworks properly?

Leadership and communication are actually layers, not levels

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Subscribe to our newsletter now!