Industry insights

3 steps to close your organization's cybersecurity skills gap

Jeff Peters
January 7, 2020 by
Jeff Peters

The need for cybersecurity professionals is surging to record highs. There are half a million job openings in North America alone — and that number climbs to nearly three million on a global scale, according to (ISC)².

There has never been more demand for skilled cybersecurity professionals — by one estimate, nearly three-quarters of all organizations are affected by the cybersecurity skills gap — yet those professionals are not as confident about their careers as one may expect, according to a recent report from Infosec.

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.


Lack of confidence among infosec professionals


The report, 3 steps employers can take to close the skills gap, details the results of a survey of 785 information security professionals. The survey found:

  • 62% lack a clearly defined career path
  • 34% are less than confident about their career goals
  • 38% are less than confident about changing job roles

That uncertainty can have a direct impact on employee skill development. For example, only 33% of respondents without a clear career path rated their technical knowledge and skills above average, whereas 60% of those with a clear career path felt the same way.

The survey also provided insight into specific recommendations employers can take to empower their employees and close their organization's cybersecurity skills gap.


Download Reports


1. Provide career pathways for all levels of employees


Infosec professionals who identified as having a clearly defined path to advance their career were more confident in their career goals, more confident in their skills and spent more time learning compared to peers who lacked a clear path.

"The sheer amount of career options can be overwhelming for those entering the cybersecurity space, and seasoned professionals are often pushed to transition into new roles," the report states. "Implementing a more structured and universal career framework can provide a roadmap for those moving through their careers."

The good news is that a number of popular frameworks exist to help cut through the noise. Implementing one of them, such as the NICE Cybersecurity Workforce Framework, can provide needed direction for employees as well as clarity around associated knowledge, skills and abilities.

This not only increases employee retention — it may help close existing skill gaps within your organization.


2. Invest in employee training


Infosec professionals without employer-sponsored training are almost twice as likely to plan their careers fewer than three months in advance — and twice as likely to lack a clearly defined career path.

"Employers can have significant influence on their employees’ career goals and confidence," the report states. "By investing in employees and focusing on long-term career growth, employers can increase employee retention rates and develop a strong bench that will be better prepared to tackle unforeseen challenges and fill future roles."

In general, employees without a clear professional direction are more likely to suffer career stagnation and languish in self-limiting roles, and are subsequently less satisfied with their jobs and more likely to switch employers. Employee training programs that are sponsored by employers help workers gain insight into the direction their careers will take. This leads to greater confidence in their role, which leads to both self-assurance in their career path and more time spent acquiring new knowledge and skills.


3. Encourage year-round skill development


Cybersecurity is constantly evolving, and ongoing skill development is necessary to keep up with the latest threats and best practices. The good news is infosec professionals are naturally curious: 92% spend at least a few hours every month learning new skills and 59% spend at least a few hours learning every week.

"Whether by personal habit or career necessity, infosec professionals tend to be avid learners," the report states. "Creating a culture that rewards learning new skills and plays into their natural motivators of personal and professional development can boost employee retention and aide recruiting efforts."

Year-round skill development platforms, such as Infosec Skills, can help your team to identify and close skills gaps specific to your organization's goals and maximize your team's training hours.

By providing a route to long-term career development and creating an environment that encourages and rewards learning, employers can not only decrease employee turnover, but build a stronger, more confident and ultimately more capable team.

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

Jeff Peters
Jeff Peters

Jeff Peters is a communications professional with more than a decade of experience creating cybersecurity-related content. As the Director of Content and Brand Marketing at Infosec, he oversees the Infosec Resources website, the Cyber Work Podcast and Cyber Work Hacks series, and a variety of other content aimed at answering security awareness and technical cybersecurity training questions. His focus is on developing materials to help cybersecurity practitioners and leaders improve their skills, level up their careers and build stronger teams.