Booz Allen Study Sheds Light on Cyber Talent Shortage and C-Suite Accountability in the New Age of Security Threats

Apr 25, 2018 7:15 PM ET

A new survey by Booz Allen Hamilton confirms what IT leaders have long suspected: many organizations do not have the cybersecurity staff in place to fully protect themselves from evolving threats.

Fifty-seven percent of the 250 senior IT decision makers surveyed believe that hiring top cyber talent will only become more difficult over the next five years, causing organizations to make short-term staffing fixes to protect their business, often making the problem worse. Amid a recent barrage of cyber-attacks, most (83 percent) respondents report that they have open cybersecurity positions to fill at their company, with 72 percent saying it is particularly challenging to identify and hire new, high-quality cyber defenders – like advanced threat hunters and malware reverse engineers.

“These findings are rooted in what Booz Allen has understood for quite some time – products alone won’t make organizations secure, tools are only effective when a skilled workforce is in place to use them,” said Booz Allen’s U.S. Commercial Lead, Bill Phelps. “The cyber talent gap has become an existential threat. Organizations will only find success through sustained investments in people like robust training and finding more effective ways to leverage scarce talent.”

Booz Allen offers five best practices to effectively and sustainably address the cyber talent gap:

  1. Take a multi-dimensional approach: Develop both cyber natives and novices, and establish well-defined career paths that allow employees to learn in new contexts.
     
  2. Move the organization—and talent—out of reactive mode: Use automation tools to address routine cyber tasks so talent can prioritize more challenging cyber problems like advanced threat hunting.
     
  3. Reframe training approaches: Offering competitive compensation and benefits is table stakes. All employees must have time for diverse and experiential training like capture the flag games, purple teaming and other “live fire” type exercises.
     
  4. Look beyond certifications: Ensure recruiters are looking for soft skills to augment the traditional abilities of cyber defenders. Organizations should validate expertise through skills-based assessments.
     
  5. Use sourcing and industry partnerships strategically: Traditionally in IT, sourcing was used to reduce costs by contracting third parties to perform commoditized tasks. Security companies must use sourcing and partnerships to secure access to scarce premium skills. Outsourcing should be more about securing advanced capabilities than about reducing costs.
