Survey Shows Gap Between IT Security Skills Supply and Demand
BackBy Daniel Margolis, Senior Editor — March 3, 2008
A new survey commissioned by the Computing Technology Industry Association (CompTIA) indicates a gap between employers’ need for IT security skills and their employees’ ability to provide those skills.
These findings are part of a study on skills gaps that CompTIA conducted with the Center for Strategy Research (CSR). Through a combination of a Web-based poll and phone interviews, CSR spoke with more than 3,500 IT managers in the U.S., Europe, Asia, South Africa and other countries, “just to get a sense of what types of skills they’re looking for today and where they’re finding the IT workforce coming up short,” said Steven Ostrowski, CompTIA director of corporate communications.
Among organizations surveyed in nine countries with established IT industries (Australia, Canada, France, Germany, Italy, Japan, the Netherlands, the U.K. and the U.S.), 73 percent identified security, firewalls and data privacy as the IT skills most important to their organizations. But just 57 percent said their IT employees are proficient in these security skills, a gap of 16 percentage points.
“It’s the number one thing that they want, but also has the biggest gap in terms of what’s needed and what’s available,” Ostrowski said. “That’s somewhat troubling [given] all the attention we’ve [paid] to security over these last number of years.”
According to Ostrowski, IT managers reported that they believe the IT security skills available to them are not meeting with demand “because the whole realm of IT security is so dynamic and changes so rapidly that it’s often tough for workers to keep pace with the latest threats and viruses and whatever else is out there.”
CompTIA and CSR sought to learn what IT managers are doing to address this gap. Forty-two percent reported they are sending employees for external, professional training. Forty-one percent are providing incentives, rewards and recognition for employees who take it upon themselves to boost their skills. Thirty-six percent said they’re sending their employees to get certified — most likely security and networking certs — and also are offering other developmental programs such as mentoring, career planning and guidance.
The survey found that the gap between employers’ need for IT security skills and their employees’ ability to demonstrate those skills is even wider in countries such as China, India, Poland, Russia and South Africa, where the emergence of an IT industry is relatively recent. Among respondents in these countries, 76 percent identified security as the top skill their organizations need, but just 57 percent said their current tech staffs are proficient in security, a difference of 19 percentage points.
“As [these countries are] becoming more mature, they’re becoming more cognizant of the security considerations that need to be in place, especially when you consider the things they’re typically working on,” Ostrowski said, identifying these as developmental and business process outsourcing, call center repair and manufacturing. “They realize now that if they’re going to do business globally, then their security credentials or practices have to come up to the standards that we’re used to in more developed countries.”