How security reskilling and automation can mend the cybersecurity skills gap

Demand for cybersecurity skills continues to surpass availability. Here’s how innovations and reskilling can both improve your security posture and support your IT workforce.

April 13, 2020

The pace of digital business is rapidly accelerating, and the threat of cybercrime is escalating with it. With the global cost of cybercrime estimated to reach a staggering $6 trillion, IT departments everywhere face growing risk from threats like distributed denial of service (DDoS) attacks, ransomware, and credential theft. But as new threats intensify, many IT teams find their security infrastructure and processes are struggling to scale. This is driving organizations to increase investments in people and technology that mitigate cybersecurity threats.

While the Bureau of Labor Statistics estimates there will be 31 percent more cybersecurity workers by 2029, today the demand for security skills is far outpacing the supply. That means organizations can’t simply hire their way out of their security skills shortfall. In this article, we’ll examine the current state of the cybersecurity jobs gap, and how organizations can use both reskilling programs and automation to meet security needs today and into the future.

Why there is a cybersecurity talent crunch

To understand the high demand for cybersecurity skills, consider how much has changed in IT, especially in the last year. From a rapid increase in cloud migrations to a huge shift toward remote work, IT teams everywhere have been forced to adapt quickly to keep up with the changing needs of their organizations. However, the rapid expansion of technology and the explosion of remote work have kept IT so busy that teams don’t have the capacity to adequately handle responsibilities ranging from regular security hygiene to the patching and forensics surrounding the latest zero-day threat. This explains why Deloitte identifies rapid IT changes and rising complexities as the number one cybersecurity challenge.

So while it’s no surprise cybersecurity is a thriving career path, there simply aren’t enough security experts to go around. The New York Times estimates there are 3.5 million unfilled cybersecurity positions globally, and fewer than 25 percent of cybersecurity job applicants are actually qualified for these critical jobs. This cybersecurity talent crunch means you need to find alternative (and innovative) ways to build your organization’s security talent and capabilities.

3.5 million
The number of unfilled cybersecurity positions globally in 2021

- New York Times

How to develop cybersecurity talent through reskilling

With the difficulty of recruiting, hiring, and onboarding new cybersecurity experts from a small talent pool, consider investing in retraining your workforce to organically grow needed cybersecurity skills. Besides avoiding a lengthy headhunting process, this also makes clear economic sense. According to the Harvard Business Review, it can cost six times as much to hire from the outside rather than build talent from within. In addition, focusing on retraining opens up career progression for your best employees—building their skills, morale, and loyalty to your organization.

Here are some leading practices to help you design reskilling programs and foster cybersecurity talent among your existing employees:

  • Target training toward the specific cybersecurity skills your organization needs to be more agile. This enables you to prioritize reskilling in areas like cloud security or security analytics rather than funding multi-disciplinary cybersecurity programs that might not result in expertise with growth opportunities.
  • Offer cybersecurity reskilling to your entire organization, not just IT. With the rapid growth and importance of security careers, you may have employees outside IT who would be interested in switching careers for the thrill of security work.
  • Build training opportunities and classes into employee workflows each quarter, and allocate more time for reskilling during less busy periods. You want to make training a visible priority for your IT team, not something they eventually get around to. Also, consider gamification of skills development to encourage friendly competition and shared celebration of successful security outcomes.
  • Leverage your security-savvy IT experts as mentors who will coach other employees as they deepen their security knowledge and desire for growth opportunities. It’s also helpful to adopt collaboration and work management tools that will track employee progress toward new cybersecurity proficiencies and show the value of human capital investments in security.

The role of automation in mending the security skills gap

One concern about reskilling programs is where IT teams will find the time for training in their continually busy schedules. This is where security automation plays a critical role. By automating mundane security tasks like network monitoring and reporting incidents, IT can take back this time for reskilling while AI and machine learning technology flag any unusual activity for human attention. “As attackers get smarter, security needs to be agile while growing the tools in their arsenal, including leveraging automation,” said Citrix CISO Fermin Serna. “Machine learning can empower security teams with real-time insights into user behavior, helping IT stay one step ahead of threats and identify unusual activity before it turns into a costly breach.”



When you integrate automation into your security processes, it’s important to emphasize how these technologies will support your IT team rather than replace them. 81 percent of employees are worried about their jobs being taken by AI and algorithms, making them reluctant to hand over even their most boring work to automation. With this in mind, don’t just tell your employees AI is going to free them up for more interesting work; train your employees for that interesting work so they feel empowered rather than nervous.

Preparing your IT team for the future of cybersecurity

The future of cybersecurity will offer a myriad of mission-critical jobs, from help desk workers to digital forensics specialists to compliance experts. Each of these roles will require both regular training and specialized automation technology to be successful. By investing in security reskilling and automation across your organization, you can address your security needs today and empower your experts to drive optimal security outcomes for years to come.

About the author

Kurt Roemer
Chief Security Officer, Citrix

As Chief Security Strategist for Citrix, Kurt Roemer leads security, compliance, risk and privacy strategies for Citrix products. As a member of the Citrix CTO and Strategy Office, Roemer drives ideation, innovation and technical direction for products and solutions that advance business productivity while ensuring information governance.