Light Dark
December 15, 2016 By Mark Samuels 2 min read

Attempts to build strong corporate defenses could be undermined by a critical lack of IT skills. Executives must take a strategic approach to the expertise gap.

According to a recent report, “Hacking the Skills Shortage,” by Intel and the Center for Strategic and International Studies (CSIS), 82 percent of IT decision-makers are concerned about the cybersecurity skills shortage.

The skills gap presents many challenges to executives looking to stay ahead of the evolving threat landscape. Organizations must take a proactive approach to the security challenges they face.

The Cybersecurity Skills Shortage by the Numbers

Demand for cybersecurity professionals outpaces the supply of qualified workers. According to the report, organizations most commonly covet highly technical skills across. Intrusion detection, secure software development and attack mitigation skills are particularly valued.

More than 209,000 cybersecurity jobs in the U.S. went unfilled through 2015, according to Peninsula Press, which analyzed data from the Bureau of Labor Statistics. The demand for information security professionals is expected to grow by 53 percent through 2018.

The lack of security talent is already having an impact. As many as 71 percent of IT leaders believe the cybersecurity skills shortage is responsible for measurable damage to their organizations, according to Intel and CSIS. Additionally, 1 in 4 respondents claimed their organizations had lost proprietary data due to the cybersecurity skills gap.

Tough Road Ahead in 2017

According to a Ponemon Institute report, technology decision-makers set aside 23 percent of their IT security budgets for cyber resilience. Due to the fast-changing nature of security threats, however, internal technology teams face a tough time staying ahead.

The study also revealed that 71 percent of U.K. organizations rate their cyber resilience as low. The survey, produced in association with Resilient Systems, followed a similar survey of U.S. IT leaders last year, which found that three-quarters of North American firms are similarly ill prepared.

Cybersecurity challenges are likely to increase in 2017 as cybercriminals continue to use creative techniques to open corporate defenses. Chief information security officers (CISOs) should prepare for the increased use of ransomware, extortion and industrial attacks connected to the Internet of Things (IoT), TechRepublic reported.

A New Approach

IT managers tend to get caught up searching for technical skills and fail to consider soft skills when filling positions. Since the biggest threats to security usually stem from people, cybersecurity professionals need strong communication and interpersonal skills.

Businesses looking to deal with the cybersecurity skills challenge should foster new education models, accelerate the availability of training opportunities and diversify their human resources pool, according to Chris Young, senior vice president and general manager of Intel.

The report outlined recommendations for IT decision-makers looking to deal with the cybersecurity skills crisis. First, they should reconsider the minimum credentials required for entry-level IT employment and open their minds to job candidates with nontraditional backgrounds. IT leaders should also provide more on-the-job training and procure intelligent security automation tools that enable analysts to produce better metrics to spot and respond to threats.

 |  |  |  | 
Mark Samuels
Tech Journalist

More from

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature