Security professional feel overworked

Organisations struggle to find skilled staff, leaving 82% of security teams understaffed.

  • Tuesday, 11th February 2020 Posted 4 years ago in by Phil Alsop

Tripwire has published the results of a survey examining how organisations are experiencing skills gap issues going into 2020. Dimensional Research conducted the survey, which included responses from 342 IT security professionals, in late December.


According to Tripwire’s survey, 83% of respondents feel more overworked going into 2020 than they were at the beginning of 2019, and 82% said their teams were understaffed. The strain on cybersecurity teams is exacerbated by the inability to find experienced staff, and 85% acknowledged it has become more difficult over the past few years to hire skilled security professionals.

“It's getting harder and harder for organisations to fill open positions on their security teams,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Larger organisations, which you might assume have more resources, are experiencing the skills gap issue even more acutely than smaller organisations. It's a challenge to hire the right skill sets – they keep changing along with security, which is always evolving. Nearly all of those we surveyed said the skills required to be a great security professional have changed over the past few years.”

In recent years, cybersecurity conferences and online communities have been emphasising the need to manage work stress and increase focus on mental health. While 93% expressed interest in understanding wellness issues, only 19% of companies provide resources for managing the stress associated with the specific issues of IT security.

In assessing the various ways organisations address the skills gap and strain on their teams, the survey found the following:

  • A large majority (85%) believe managed services are a good option for addressing security skills gaps.
  • Nearly half (46%) said they plan to use more managed services in 2020.
  • Half (50%) said they will invest more heavily in training existing staff.

The survey also explored views on chief information security officer (CISO) involvement. Of the 85% that said they have CISOs in their organisations, 40% said their CISOs are not involved enough in day-to-day operations, while 10% believed their CISOs are already too involved.

Erlin added: “CISOs should be focusing on high-level strategy, but because their teams are understaffed and have an overwhelming volume of work on their desks, they may have to get involved in daily operations, if they haven’t already. To solve the problems caused by skills gap issues, training and managed services are both good approaches. By partnering with providers, organisations can free themselves from operational work and gain insights that will help inform decisions. And because recruiting and training isn’t always possible, managed services provide businesses a way to augment their teams.”