Booz Allen survey shows most organizations' answer to the security skills shortage may be unsustainable.

Sara Peters, Senior Editor

April 20, 2018

2 Min Read

RSA CONFERENCE 2018 - San Francisco - Invest in more expensive security technology, ask security pros to work longer hours, offer them more money, even train non-cyber employees to do some of the security tasks - those are all methods organizations use to address their shortage of skilled security staff. And according to a new report, they all rank higher on the priority list than providing training to help their security staff learn new skills. 

The national survey of 250 IT decision-makers, released today by Booz Allen and KRC Research, found that 83% of respondents have open cybersecurity positions to fill at their company, with 72% saying it is especially challenging to fill advanced roles like threat hunters and malware reverse engineers.  

In an interview with Dark Reading, here, Booz Allen vice president Anil Markose said, "You walk the show floor here [at the RSA Conference] and see, these products are getting more complicated. So the technical chops to use them," are something companies must have, either on their own teams or through service providers.

"These findings are rooted in what Booz Allen has understood for quite some time – products alone won’t make organizations secure, tools are only effective when a skilled workforce is in place to use them," said Booz Allen’s U.S. Commercial Lead, Bill Phelps, in a statement.

However, the report states, that organizations are using "short-term staffing fixes to protect their business, often making the problem worse. 

To address the shortage of skilled staff, respondents say their business prioritizes turning to tools and software (56%), training non-cyber employees (52%), and asking employees to work longer hours (45% percent). To be more competitive in the market for the best cybersecurity talent, respondents say they prioritize offering candidates the higher compensation (54%) and investing continuously in the latest cyber technologies (51%) over training and apprenticeship opportunities (35%) and paying for further education at colleges, universities or boot camps (34%).

Interop ITX 2018

Join Dark Reading LIVE for an intensive Security Pro Summit at Interop IT X and learn from the industry’s most knowledgeable IT security experts. Check out the agenda here.Register with Promo Code DR200 and save $200.

About the Author(s)

Sara Peters

Senior Editor

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.


Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights