For many companies with whom I talk, there isn’t a lack of IT talent when it comes to security–just a lack of hours in the day, computing resources and necessary headcount with specific expertise to change the culture from reactive to proactive and strategic risk management. Executives simply expect IT security to do more with less.
But the ability to recruit and retain security experts is an issue in itself. At the MSPAlliance meeting this week in Orlando, it was reported that the unemployment rate for such professionals is less than 1%. The salary for these specialists has doubled in the past three years. No wonder there is a critical shortage to feed this growing monster. And executives are still wary to spend budget on security line items-including staffing. It is still regarded (mistakenly, I might add) as a cost center.