Cybersecurity Skills Gap Likely to Boost Managed Security Services
Things have been tough on the cybersecurity talent front for some time. Organizations struggle to fill security positions. When they do, they typically find themselves in a bidding war for the best candidates. Salaries are escalating and the number of unfilled positions continues to soar. Unfortunately, the situation is likely to deteriorate further, according to a couple of new research reports.
The recent Fortinet Cybersecurity Skills Gap study found that 60% of organizations encounter great difficulty in recruiting cybersecurity resources. More than two thirds of those surveyed believe that the shortage of trained or experienced staff creates additional risk for their organizations. Those that manage to find personnel can’t rest on their laurels for long. A shocking 52% admitted to having trouble retaining qualified employees. Such findings make it clear that more and more organizations are going to look to managed security services to fill the void, whether engaging directly with security vendors to manage aspects of the cybersecurity landscape or to managed service providers (MSPs) specializing in security.
Widening Skills Gaps
The skills gap is rapidly trending towards becoming a skills chasm, according to another study by Skillsoft. The 2022 IT Skills and Salary Report takes an annual look at the most in-demand skills and certifications, average compensation, growth opportunities and career sentiment amongst IT professionals. This year’s survey found two thirds of IT decision-makers had gaping skills gaps in their teams. 53% of respondents stated that they are likely to look for a new job in the next 12 months.
Whether due to aggressive headhunting, the Great Resignation, quiet quitting, burnout due to the demands of digital transformation, or overwork due to operating with lowered headcounts, many IT and security personnel are not planning to stick around. No wonder McKinsey cites record rates of turnover across all industries.
Why They Leave
Whether it is recruitment or retention, all organizations face HR challenges that are only going to grow over the coming year. Skillsoft data shows the top reasons for leaving are a desire for better compensation, a lack of training and development, and a lack of work-life balance. Salary demands may place certain security resources beyond the means of some companies. But training is certainly an area where organizations can gain ground by educating their own resources via industry certifications, and incentivizing personnel to take cybersecurity degrees.
Yet the survey found the biggest reason behind a lack of IT and security training to be that management didn’t see a need for it. This finding stands in stark contrast to another data point from the survey: 97% of IT decision-makers agree that certified staff add value to the organization.
- 80% say skills gaps pose high or medium risk to their team’s ability to meet objectives.
- 63% have been unable to fill at least three positions in the last year.
- The top factors driving skills gaps are difficulties with hiring skilled candidates (44%) and employee retention (33%). 26% say not enough is being invested into training.
- The top three most challenging areas to find qualified talent are cloud computing, data analytics/big data/data science, and cybersecurity.
- IT professionals cite the benefits of training to be improved quality of work (56%), increased engagement (41%), and faster job performance (36%).
Managed Service Boom
With such a dearth of a talent and the urgent need to secure the enterprise now, no wonder so many organizations are looking to managed services to fill the gap. Some engage with their existing security vendors and transition some tools from on-premises to being operated as a service by the vendor. Others are using MSPs to take care of security duties such as vulnerability management, endpoint detection and response (EDR), backup and recovery, and even Security Operations Center (SOC) services.
Syxsense operates in both arenas. It offers managed security services for patch management, vulnerability management, and remediation. These services provide real-time, 24-hour security coverage. Syxsense also offers an MSP/MSSP program with a world-class platform that features an orchestration and automation engine to scale business without adding costs.