Networking Nuggets and Security Snippets

Jon Oltsik

Previous Article Next Article

Information Security Skills Shortage Continues

Large enterprises feel the pain most acutely

By joltsik on Thu, 01/19/12 - 2:26pm.

. What's this?

Like other analyst firms, ESG conducts research on IT Spending Intentions annually. One of the things we track is IT hiring plans in all areas including IT security.

In 2011:

• 35% of all mid-market and enterprise organizations planned on hiring security staff

• 22% believed they had a “problematic shortage” of security skills at their organizations

The situation has not improved at all over the past year. In 2012:

• 39% of mid-market and enterprise organizations plan on hiring security staff

• 23% believe they have a “problematic shortage” of security skills in their organization

I dug into the 23% who believe they have a “problematic shortage” of security skills. Interestingly, large enterprises that tend to pay the most for IT skills in general are most likely to have these security skills deficits. For example:

• 18% of mid-market organizations (i.e. less than 1,000 employees) organizations say they have a problematic shortage of information security skills as compared to 26% of enterprise organizations (i.e. more than 1,000 employees).

I also looked at the data by the size of overall IT budget. In this analysis:

• 16% of organizations with IT budgets of less than $5 million say they have a problematic shortage of information security skills
• 21% of organizations with IT budgets of more than $5 million/less than $50 million say they have a problematic shortage of information security skills
• 36% of organizations with IT budgets of more than $50 million say they have a problematic shortage of information security skills

ESG is not the only organization to recognize the security skills shortage. The Center for Strategic and International Studies (CSIS) published similar research about the security skills gap in the Federal sector. As I recall, CSIS said that the Feds have about 1,000 highly skilled cybersecurity professionals proficient in security analysis, forensics, and incident response. Unfortunately, it has the immediate need for at least 10,000.

This skills gap impacts us as a society – all of our on-line data is at risk. We need more cybersecurity training, programs, and funding as soon as possible. The longer we wait, the greater the risk.

Tags

What is Tech Briefcase?

TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more

Bookmark content

Speed up your research efforts with content across the web.

Search and Store

Find the white papers you need. Create folders for any topic.

View Anywhere

Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.

Don't have an account yet?

About Networking Nuggets and Security Snippets

Jon Oltsik is a principal analyst at Enterprise Strategy Group responsible for the networking and security services at ESG. Prior to joining ESG, Jon was the founder and principal of Hype-Free Consulting. Mr. Oltsik previously served as VP of Marketing & Strategy at GiantLoop Network where he managed all marketing activities and defined the company’s strategic vision. Jon was also a Senior Analyst at Forrester Research where he covered a wide range of infrastructure and IT topics. In this role, he was frequently quoted in business journals, including the Wall Street Journal, Business Week, and the New York Times, and was also the recipient of a prestigious "best research" award for his breakthrough report, "The Internet Computing Voyage."