Understanding the Cybersecurity Skills Gap: Expert Insights Part 2
The cybersecurity skills gap is a critical challenge in the industry today, with ongoing debates about its causes, urgency, and solutions. This gap encompasses proficiency disparities and challenges in diversity, inclusivity, and accessibility, all exacerbated by a rapidly evolving threat landscape where adversaries continuously adapt their strategies.
To illuminate this complex issue, we interviewed 12 cybersecurity professionals and spread the responses across 2 blogs. They shared their insights on the key factors contributing to the skills gap, practical steps to address it, and its implications for risk management.
Please enjoy part 2 below, and if you haven’t read part 1 yet, you can find it here.
Panagiotis Soulos
Global Information Security Manager
As a skilled professional in cybersecurity risk management, Panagiotis Soulos says companies should be concerned about the cybersecurity skills gap. As organizations increasingly adopt new technologies and rely on digital operations, they face greater cybersecurity threats.
He says the 2023 ISC2 report reveals that 59% of cybersecurity professionals believe skills gaps could be worse than total staffing shortages. This issue is critical as improperly trained cybersecurity staff can leave organizations vulnerable to costly data breaches. According to IBM’s 2023 report, the average cost of a data breachWhat is a Data Breach? A data breach is a security incident in which unauthorized individuals access sensitive, confidential, or protected information. These breaches can occur through various means, including cyberattacks,... is now $4.45 million, up 15% over three years. Properly trained cybersecurity professionals must protect against these threats and prevent potentially devastating financial losses.
Karla Reffold
Chief Product Officer
An executive with over 15 years of experience in operations, marketing, and sales, Karla Reffold believes the skills situation is improving. Today, numerous training programs and educational initiatives are available, starting from a young age, leading to a more robust pipeline of interested individuals. The career landscape in cybersecurity is shifting from a triangular model to a rhombus, with many mid-level roles but fewer entry-level and senior positions.
To address this, she says hiring managers should create attractive opportunities for experienced professionals or retrain candidates from related fields. Additionally, automation tools are increasingly used to reduce the need for a large team, helping companies manage their cybersecurity needs more effectively without solely relying on the broader job market.
Ian Thornton-Trump
Chief Information Security Officer
Ian Thornton-Trump says companies need to prepare their current and future tech staff for evolving demands by investing in training and offering competitive salaries. Treating skilled workers as disposable commodities only exacerbates the issue. By providing supportive management and proactive training, companies can mitigate their skills gaps and avoid falling behind.
The skills gap in cybersecurity includes both technical and soft skills. While technical skills can be addressed through reskilling and upskilling, a lack of management training for tech professionals often leads to leadership failures. He says companies may struggle to find new tech talent without addressing technological debt or providing clear direction and strategy. Soft skills gaps are evident when tech workers are promoted to management without proper training, leading to high turnover and disruptions. Effective leadership is crucial for both retaining talent and ensuring organizational success.
Kirsten Doyle
Cybersecurity content writer
As a longstanding cybersecurity writer, Kirsten Doyle believes a significant shortage of cybersecurity skills is driven by rapidly evolving cyber threats and technology. Malicious actors continuously refine their tools and techniques, leaving cybersecurity professionals struggling to keep up. This skills gap leaves businesses vulnerable, as they lack the expertise to defend against complex threats. Moreover, she says the challenge is not just finding skilled professionals but retaining them. Continuous advancements in technology require ongoing training, adding pressure on professionals to stay current. High demand and burnout also contribute to high turnover rates.
She adds that Eliminating the skills gap may not be feasible, but progress is possible. Businesses should focus on continuous training, offer internships and mentorships, and collaborate with educational institutions. Creating a diverse and inclusive workforce and removing hiring barriers will also help. Closing the gap requires a collective effort from all stakeholders.
Dimitris Georgiou
Chief Security Officer & Partner of Alphabit
Dimitris Georgiou describes himself as a keen lifelong learner, always seeking the best ways to match business needs with the ever-changing technological and regulatory landscape. In his view, while the gap is a worry, it isn’t just about filling roles; it impacts security effectiveness and staff well-being. Experienced engineers are crucial for identifying and countering sophisticated threats as cyberattacks evolve. A shortage of these skilled professionals leads to burnout among existing staff who are stretched too thin. Understaffed teams face challenges in responding to breaches, leading to prolonged damage and increased errors. Overworked analysts may miss critical alerts or make mistakes due to fatigue, further compounding security risks.
While automated tools are useful, he stresses that they can’t replace human judgment and expertise. Experienced engineers also play a vital role in mentoring and training junior team members, helping to build a stronger security posture within the organization.
Yiannis Kanellopoulos
Founder & Chief Executive Officer of Code4thought
Yiannis Kanellopoulos believes the skills gap significantly heightens cybersecurity risk. The shortage of skilled professionals makes it difficult for organizations to defend against sophisticated and growing cyber threats. This deficiency impairs their ability to detect, prevent, and respond to attacks, increasing the likelihood of breaches and their consequences.
However, he says leveraging technological advancements such as automation, artificial intelligence, and machine learningWhat is Machine Learning? Machine learning is a subset of Artificial Intelligence (AI) that involves the development of algorithms and models that enable computers to make predictions or decisions based... can help mitigate the impact of the skills gap. Investing in these technologies can enhance defense capabilities, improve resilience, and reduce the burden on human resources, thus strengthening overall cybersecurity.
If you enjoyed reading this summary, you can discover more in our free eBook, ‘Understanding the Cybersecurity Skills Gap: The Expert View,’ which is available for download now.