National Harbor, Md. — While the cybersecurity skills shortage continues to plague the industry, the “real problem” lies in how security leaders are addressing the issue, said Sam Olyaei, director at Gartner’s security and risk management group.
“The problem is really our mindset has to be shifted away from thinking about open roles that can be hired out in the market to actually optimizing the security function in ways that can actually help you procure the competencies we need,” Olyaei told attendees during a session at the Gartner Security & Risk Management Summit.
According to a Gartner survey, 61% of organizations admitted that they are struggling to hire security professionals.
Most organizations struggle because they don’t know what cybersecurity skills they need or put too much weight on certifications, Olyaei said. They haven’t mapped everything back to a workforce strategy or framework to figure out what they need, he added.
“We have to look for alternative, emergent techniques that we can use to not only source these people, but build them,” he said.
When it comes to security roles, he said, there is a lack of standardization around titles, names, terminology…
