CISOs on the State of the Cyber Talent Gap

Survey: CISOs on the State of the Cyber Talent Gap

This past October, the cybersecurity industry came together during Cybersecurity Awareness Month to raise awareness for a number of key cybersecurity issues and urge the next generation of potential leaders to “See Yourself in Cyber” – the stated theme for this year by the Cybersecurity and Infrastructure Security Agency (CISA).

The theme illustrated the importance of focusing not only on technology, but also better educating on cybersecurity risks and encouraging of more individuals to consider cybersecurity as a viable and exiting career path. This latter effort is significant, with an estimated 2.7 million unfilled positions in cybersecurity in 2021, according to the (ISC)2’s annual Cyber Workforce Study. Each of these unfilled positions represents a crack in the armor protecting the most critical functions of our society, and, by extension, our national security.

During the month, NightDragon collaborated with Cybersecurity Gatebreakers Foundation, a non-profit focused on closing the cybersecurity skills gap through new approaches to finding new talent, to survey top CISOs across a wide range of companies on how the cyber talent shortage impacts them and how their organization is working to close the gap.

Here were some key findings:

  • 55% of respondents agree or strongly agree that their information security team is deeply dedicated to hiring and training the next generation of cybersecurity professionals. 23% said they disagreed or strongly disagreed that their team was deeply dedicated to this goal.
  • 57% agreed or strongly agreed that their organization had the required executive support, budget, headcount and resources to be successful. 27% either strongly or somewhat disagreed with that statement.
  • 70% agreed or strongly agreed that security is a shared responsibility across all departments and leaders at their company. 17% said they disagreed or strongly disagreed with this statement.
  • 57% said their company’s security maturity level was “excellent” or “above average.” Meanwhile, 32% qualified their maturity level as “average” and 8% deemed it was “poor.”
  • 32% of CISOs said the average member of their team had 0-5 years of experience and 38% said their average team member had 6-10 years of experience.

“While there are some encouraging statistics, it is clear that there is still a lot of room for us to grow as an industry when it comes to closing the cyber talent gap and fostering strong cybersecurity postures across every organization,” said Amy De Salvatore, Partner, Business Development and Platform at NightDragon. “By working closely together, hopefully we can help more individuals and employees “See Themselves in Cyber” to close the gap.”

Additionally, a secondary smaller survey of CISOs provided further insights into what challenges organizations face when it comes to cyber talent, as well as what efforts they have underway to foster talent within their organization and local communities. The findings included:

  • 11 of 13 CISOs agreed or strongly agreed that not having enough talent or being able to find the right talent is a challenge to their organization.
  • 6 out of 13 CISOs agreed or strongly agreed that employees who succeed in their organizations have a more traditional cybersecurity educational background.
  • 9 of 13 said they would be open to implementing a strategy to hire less qualified employees and train them on the job, though 6 of 13 said they didn’t think their organization had the capabilities or time to train these less experienced individuals.
  • 8 of 13 said their organization works with local educators, community organizers, non-profits and other bodies to recruit talent, while 4 of 13 said they did not.
  • 8 of 13 said their organization has a mentorship or apprenticeship program in place.

“We’ve heard for years that our industry is hurting for new talent. This survey provides yet more proof of this. Whether we feel it on our teams, which are understaffed and burned out, or within our personal lives, as we suffer breach after breach after breach – we know that the only way we can win the war on cybercrime is to have more defenders. We need more people doing security,” said Naomi Buckwalter, Founder of Cybersecurity Gatebreakers Foundation.

To read more about Cybersecurity Gatebreakers, visit the non-profit’s website.

To read more about NightDragon’s efforts to improve the talent pipeline, visit our ND Talent program page.