Surviving The Technical Security Skills Crisis

Technical information security skills are in higher demand today than ever before. As IT environments become more
complex and the threat landscape grows more malicious, organizations need skilled technical staff to meet increasing
security and compliance demands. However, this has been a losing battle. IBM counted more than 137 million attempted
attacks against its 3,700-plus customers in 2012, and although only a tiny percentage turn into incidents, failure can
be devastating.[1] A 2012 study, for example, revealed that the average enterprise data breach costs $5.5 million.[2]

Without the properly skilled technical staff, chief information security officers (CISOs) and other security leaders are
less able to manage risk and protect their organizations. Instead, they are forced to ignore innovation projects and
business priorities and allocate scarce resources just to keep up with basic operational tasks. Ultimately, shortages in
technical security skills across the industry raise the cost of recruiting proper talent and reduce the performance of the
security programs.

All is not lost. Organizations today have suitable alternatives to deal with security skill shortages: security automation,
managed security services (MSS), and outsourcing are all effective methods for compensating for deficiencies in key
security areas. These options help organizations optimize operational efficiency and rapidly improve their security
posture, enabling CISOs to focus on strategic priorities more critical to their organizations’ success.

To help organizations better understand how to handle staff deficiency challenges, IBM commissioned Forrester
Consulting to field an in-depth survey of security leaders at large enterprises (having 3,000-plus employees) located in
North America, Europe, and Latin America.[3] The results of the survey confirmed the difficulties that CISOs have in
recruiting and retaining technical security roles, particularly security architects, specialists, and network security staff.
The survey also illustrates the increasing partnership that organizations have with managed security services providers
(MSSPs) to address these challenges.

It’s clear that organizations need to slingshot their current capabilities forward to meet increasing security demands,
and high customer satisfaction levels demonstrate that MSSP partnerships can help. Quite simply, MSSPs can leverage
economies of scale by recruiting skilled professionals that other organizations may not have the ability to source or
retain, and they can then apply this expertise to help a large number of customers improve controls, mitigate risk, and
meet strategic objectives.