{"id":15889,"date":"2026-03-03T07:03:23","date_gmt":"2026-03-03T07:03:23","guid":{"rendered":"https:\/\/newestek.com\/?p=15889"},"modified":"2026-03-03T07:03:23","modified_gmt":"2026-03-03T07:03:23","slug":"7-factors-impacting-the-cyber-skills-gap","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15889","title":{"rendered":"7 factors impacting the cyber skills gap"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Individuals with strong cybersecurity skills are in high demand. That\u2019s no secret. What\u2019s most important is the fact that the shortage is preventing many enterprises from building sustainable cybersecurity talent pipelines.<\/p>\n

According to World Economic Forum statistics<\/a>, only 14% of organizations are confident they have the people and skills required to meet their cybersecurity objectives.<\/p>\n

Here\u2019s a quick rundown of seven factors that are impacting security leaders\u2019 abilities to ensure they have the cybersecurity skills their organizations need.<\/p>\n

1. Restricted budgets, increased burnout<\/h2>\n

Budget cuts often drive a security team shortage, says Sameer Ansari<\/a>, global CISO solutions leader at enterprise consulting firm Protiviti. \u201cCISOs are being asked to do more with less,\u201d he states.<\/p>\n

Ansari also notes a growing burnout trend<\/a>, one that sees existing cybersecurity talent increasingly searching for other opportunities due to the high stress and always-on mentality needed by competent cyber professionals. \u201cIncreasing threat complexity is also a challenge CISOs face when trying to source new talent,\u201d he adds.<\/p>\n

Given the fact that the expert shortage isn\u2019t likely to abate soon, many CISOs are now turning to managed services<\/a>, Ansari says. \u201cWe\u2019re hearing from a number of clients that there are certain operational services they\u2019re looking to outsource so they don\u2019t have to worry about dealing with attrition or sourcing talent.\u201d<\/p>\n

Ansari reports that he\u2019s also encountering a growing number of CISOs who are looking internally to fill security roles, seeing if they can retrain software engineers, for example, to gain additional cybersecurity skills to fill-in talent gaps.<\/p>\n

2. Emerging technologies<\/h2>\n

New technologies, particularly AI, are contributing to a cyber landscape that\u2019s evolving so quickly it\u2019s hard for even highly skilled cybersecurity professionals to pace, says Dan Lohrmann<\/a>, CISO at enterprise strategy and consulting firm Presidio.<\/p>\n

AI-driven threats keep moving the target, allowing cybercriminals to attack with unprecedented levels of speed and agility, Lohrmann says. \u201cNew AI defense tools also require fresh skillsets, forcing cybersecurity professionals to either learn how to operate and work alongside a new system or be left behind.\u201d He adds that the cybersecurity skills gap is especially pronounced in the public sector, due to hiring freezes, budget cuts, and various cyber grants drying up.<\/p>\n

Lohrmann notes that CISOs often fail to frame the skills gap as a business risk. \u201cThey neglect to properly communicate its consequences to the board and executive leadership.\u201d Other big mistakes, he notes, is neglecting to take care of the skilled cyber workers they already have and setting unrealistic job requirements.<\/p>\n

3. Conflicting expectations<\/h2>\n

Employers and potential security team candidates often aren\u2019t on the same page, and that mismatch in expectations is the driving force behind the perceived skills gap, says Brandyn Fisher<\/a>, security services director at Centric Consulting.<\/p>\n

\u201cOrganizations often rigidly pursue candidates with a \u2018picture perfect\u2019 profile, expecting senior expertise at compensation levels that don\u2019t match the needed experience,\u201d he states. \u201cOn the flip side, some candidates expect high salaries and specialized work immediately after graduation.\u201d<\/p>\n

Remarkably, despite over a decade of talk about a cyber skills gap, organizations still manage to fill roles. \u201cThis suggests that the real challenge is misaligned expectations, not a lack of capable professionals,\u201d Fisher says. He believes that employers need to be realistic about what they are requesting and what they are offering. \u201cCandidates, likewise, should understand the value they bring and the experience they still need to build,\u201d Fisher advises. \u201cResetting expectations on both sides will help close this gap.\u201d<\/p>\n

4. Outdated thinking, strategies, or operations<\/h2>\n

CISOs play a strategic role in managing cyber risk, but narrowing the skills gap requires a multi-disciplinary approach, says Adi Karisik<\/a>, vice president and CTO of intelligence and cyber at systems engineering and technical services firm Amentum.<\/p>\n

Many organizations resist change, often adhering to outdated processes developed decades ago, Karisik states. \u201cFor instance, decision-making may hinge on legacy systems designed by individuals who have long since retired, leaving critical operations vulnerable and slow to adapt.\u201d<\/p>\n

Organizations must embrace cultural change and modernization, Karisik advises. \u201cCyber threats will not wait for industries to catch up,\u201d he warns. \u201cTo stay ahead, businesses must invest in cultivating a workforce that\u2019s not only skilled, but also capable of responding dynamically to the ever-changing demands of cybersecurity.\u201d<\/p>\n

5. Skills and training mismatches<\/h2>\n

The single biggest skills gap driver is the mismatch between how cybersecurity talent is traditionally trained and the abilities CISOs actually need, says Ron Delfine<\/a>, executive director of the career center at Carnegie Mellon University\u2019s Heinz College.<\/p>\n

The most effective CISOs focus on building skills internally, Delfine says. \u201cFrom a career development perspective, this means investing in interdisciplinary education that blends cybersecurity, management, and policy, as well as developing internal talent through structured upskilling and leadership pathways, not just external hiring and creating teams with complementary skill sets.\u201d<\/p>\n

Failing to build and maintain a strong cybersecurity team can lead to relying on a small number of senior leaders, Delfine says. It can also increase staff burnout. \u201cAll of these factors can lead to slower incident response and recovery due to poor cross-functional coordination as well as difficulty justifying security investments to executives and boards,\u201d he says.<\/p>\n

6. Systemic cyber strategy disconnects<\/h2>\n

The cybersecurity skills gap has moved beyond being a hiring challenge to become a direct operational risk, warns Yash Patel<\/a>, a senior security engineer at Microsoft. \u201cWhile organizations continue to invest in advanced security tools, many lack the human capability required to operate, interpret, and adapt those tools effectively,\u201d he explains. \u201cThe result is a widening disconnect between security intent and security outcomes.\u201d<\/p>\n

Successful CISOs focus on building capability, not just headcount, Patel states. This means hiring based on curiosity and problem-solving ability, investing in hands-on learning, and creating environments in which teams can practice investigations and threat analysis. \u201cEmbedding security knowledge across IT and engineering functions also helps reduce dependency on a small group of specialists,\u201d he says.<\/p>\n

Operationally, the cyber skills gap creates weak and fragile defenses. \u201cTools may be deployed correctly, but detections are poorly tuned, incidents are addressed superficially, and root causes remain unresolved,\u201d Patel warns. \u201cMany breaches occur not because controls were missing, but because teams lacked the expertise to act on early warning signs.\u201d<\/p>\n

7. Failing to simplify and scale<\/h2>\n

Top CISOs accept two facts up front: Teams will always be somewhat understaffed and that the threat landscape is moving at lightning speed, says Aman Sirohi<\/a>, CISO at data security firm Cyberhaven.<\/p>\n

The most effective CISOs don\u2019t try to hire their way out, Sirohi says. \u201cInstead, they narrow the gap by scaling the team through automation, simplifying security operations, improving signal-to-noise, and leveraging AI,\u201d he states. \u201cThe fastest path forward is simplifying the environment, engineering repeatable security outcomes, and using technology to turn people into force multipliers.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Individuals with strong cybersecurity skills are in high demand. That\u2019s no secret. What\u2019s most important is the fact that the shortage is preventing many enterprises from building sustainable cybersecurity talent pipelines. According to World Economic Forum statistics, only 14% of organizations are confident they have the people and skills required to meet their cybersecurity objectives. Here\u2019s a quick rundown of seven factors that are impacting… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15889","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15889","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15889"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15889\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15889"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15889"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15889"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}