Cyber Security Skills Gap Leaves 1 in 4 Organizations Exposed


One of the biggest challenges facing organizations today is the gap between the skills that their cyber security departments have and those that they require. A lack of professionals has also driven companies toward greater reliance on technologies to fill the gap, putting software to work doing the jobs of human operators. This can create a troubling scenario where a security infrastructure might collapse like a house of cards once one system has been compromised. Meeting this problem head-on is one of the great issues the industry has to confront in the near term.

Why the Skills Gap?

Organizations fall short of their cyber security hiring requirements for a variety of reasons. One issue is the continuing lack of women in the workforce. Another is a heavy reliance on qualifications rather than overt demonstration of skills. Many companies are also reluctant to put near-qualified individuals into positions and allow them to grow into the job through experience. The net effect is understaffing and excessive reliance upon technologies that may themselves be targeted by attackers.

Most estimates of the presence of women in the cyber security workforce place their numbers around 11%. As is the case in many professions, female workers are often paid less than similarly experienced and qualified male colleagues. Simply boosting pay offered to female workers may allow some organizations to attract more talent into their available labour pools.

The excessive emphasis in companies on qualifications can cut them twice. First, many individuals who have the core competencies for cyber security work don’t necessarily seek out professional qualifications. For example, the hacker launching an attack against a server is unlikely to have ever bothered to get certified. Second, not all people who have passed a qualification test are going to be good at the actual job. This can lead to the hiring of staff members who look great on paper but who’ll fail when confronted with a real-world problem.

The issue of rejecting near-qualified applicants also produces drag on the cyber security talent pool. Ruling out an individual on account of the differences in knowledge attained between having worked on a MySQL-based system versus a NoSQL-based system may prove to be a terrible mistake. Worse, it may be a mistake a company doesn’t even realize is being made because they may only be conducting a search for positive matches for specific phrases in resumes. By being more open-minded and using an expanded list of related targets for skills in resumes, organizations can improve their chances of hiring someone competent who can quickly grow into the job.

Evolving to Meet the Challenge

Operations that close the cyber security skills gap often do a handful of things well. Foremost, they tend to start with a broad and diverse pool of candidates for each position. It may seem a little questionable to allow a person with little or no formal education to apply for an advanced job, but it allows the organization to instantly increase its chances of getting a hit for a specific set of skills.

In most cases, cyber security professionals can be presented with real-world examples of problems. This approach, when properly applied, can weed out hires who lack the necessary experience. Not only does this allow candidates with fewer credentials to demonstrate their skills, but it also allows companies to identify candidates who only look good on paper.

A second approach many organizations employ is to push more cyber security tasks onto automated systems. Generally speaking, it’s unwise to leave too much of the load on automated systems, but it can free up staff members from dealing with drudgery. For example, the production of reports or the compression of logs should be automated within any organization. By putting the right monitoring and administrative tools in the hands of staff members, these automated systems allow organizations to expand the potential effectiveness of any one employee.

Building Incentives and Career Paths

Keeping talent within an organization once it has been attained is an important part of addressing the skills gap. If every company is competing against the rest of the world for the same set of workers, the incentives have to be in place for employees to stick with one organization. That means providing clear career paths that professionals can expect to follow within the operation.

This once again reflects back on the gender-based issues in the cybersecurity world. High-level positions in cyber security operations are often more likely to be filled by male professionals than their female colleagues. By simply demonstrating that a company offers upward mobility to female employees, an organization can distinguish itself from competitors. Not only will this encourage retention of experienced workers, but it will encourage them to invite competent colleagues who wish to move up in the industry to join the business.

It also represents a great way to reward professionals for engaging in the process of self-improvement. If a firm hires someone who lacks formal education, it can be beneficial to encourage that employee to obtain expected certifications. One of the best ways to do that is to make it self-evident that obtaining those qualifications will lead to career advancement. This approach also ensures that management-level positions will be filled by people from a diverse set of backgrounds and experiences, ultimately reducing groupthink and ensuring that the company-wide message of cybersecurity is being spread from bottom to top.

By placing a value on experience and demonstrated skills, a company can gain access to a broader and deeper pool of talent. This requires putting incentives, such as skills-based pay, on the table and seeing that biases are stamped out in applying them regardless of gender and education. With a small adjustment of an organization’s culture toward cyber security hiring and retention, it is possible to successfully compete for talent.
