Survey: IT security employees in demand, but skills lack

Share this article:
There is a wide gap between IT security skills that organizations need and the skills IT professionals bring to the job, according to a new survey by the Computing Technology Industry Association (CompTIA).

The survey, released Wednesday, polled some 3,500 organizations in North America, Europe, and Asia. Security ranked at the top of the list of important technology skills.

“That wasn't a surprise,” said Steven Ostrowski, director of corporate communications for CompTIA. “What was a surprise was the gap between what employers want and the skills IT employees have.”

Among organizations surveyed in nine countries with established IT industries (Australia, Canada, France, Germany, Italy, Japan, the Netherlands, United Kingdom, and United States), 73 percent identified security, firewalls and data privacy as the IT skills most important to their organization today, according to the CompTIA report.

But just 57 percent said their IT employees are proficient in these security skills, a gap of 16 percentage points.

That gap increases in countries where the IT industry is less mature, in particular China, Poland, Russia, and South Africa. In those countries, 76 percent identified security as a top skill need, but only 57 percent said their employees show a proficiency in those skills.

Jeff Combs of Alta Associates, a company that recruits information security and IT risk management professionals for corporate clients, professional services firms and security product vendors, said the survey results fall in line with the skill sets he looks for in his recruits, especially in the areas of identity and access management, application security, and e-discovery.

“There is more need for those areas than people skilled,” Combs said.

He lists two possible reasons for this gap. First, there are fewer college graduates with a discipline in IT. Second, the security threat landscape is always changing, making it difficult to possess the traits necessary to safeguard organizations.

“You're always playing catch up,” said Combs.

Ostrowski agreed.

“Security threats change so rapidly it is tough to keep on top of everything,” he said. “It seems like every time you come up with a solution to one threat, the bad guys have a new threat released.”

Companies are trying to remedy the situation, Ostrowski said, by sending employees for more training and certification, as well as providing reward incentives for those who choose to move into IT security.

It is important for organizations to close the gap between IT security skill needs and their employees' IT security proficiency, Ostrowski added.

“If you can't guarantee data security, your company's reputation is hurt,” he said. “In today's world, data security has to be both an IT and a business issue.”
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Home Depot: breach risks 56M payment cards, 'unique' malware used

Home Depot confirmed that approximately 56 million payment cards may have been compromised as result of a malware attack.

Gartner: 75 percent of mobile apps will fail security tests through end ...

As BYOD and mobile computing become more critical to business, app downloads will raise security risks.

eBay addresses XSS issue affecting auction page visitors

Due to the flaw, iPhone bidders were vulnerable to being redirected to a phishing page.