There is a wide gap between IT security skills that organizations need and the skills IT professionals bring to the job, according to a new survey by the Computing Technology Industry Association (CompTIA).
The survey, released Wednesday, polled some 3,500 organizations in North America, Europe, and Asia. Security ranked at the top of the list of important technology skills.
"That wasn't a surprise," said Steven Ostrowski, director of corporate communications for CompTIA. "What was a surprise was the gap between what employers want and the skills IT employees have."
Among organizations surveyed in nine countries with established IT industries (Australia, Canada, France, Germany, Italy, Japan, the Netherlands, United Kingdom, and United States), 73 percent identified security, firewalls and data privacy as the IT skills most important to their organization today, according to the CompTIA report.
But just 57 percent said their IT employees are proficient in these security skills, a gap of 16 percentage points.
That gap increases in countries where the IT industry is less mature, in particular China, Poland, Russia, and South Africa. In those countries, 76 percent identified security as a top skill need, but only 57 percent said their employees show a proficiency in those skills.
Jeff Combs of Alta Associates, a company that recruits information security and IT risk management professionals for corporate clients, professional services firms and security product vendors, said the survey results fall in line with the skill sets he looks for in his recruits, especially in the areas of identity and access management, application security, and e-discovery.
"There is more need for those areas than people skilled," Combs said.
He lists two possible reasons for this gap. First, there are fewer college graduates with a discipline in IT. Second, the security threat landscape is always changing, making it difficult to possess the traits necessary to safeguard organizations.
"You're always playing catch up," said Combs.
"Security threats change so rapidly it is tough to keep on top of everything," he said. "It seems like every time you come up with a solution to one threat, the bad guys have a new threat released."
Companies are trying to remedy the situation, Ostrowski said, by sending employees for more training and certification, as well as providing reward incentives for those who choose to move into IT security.
It is important for organizations to close the gap between IT security skill needs and their employees' IT security proficiency, Ostrowski added.
"If you can't guarantee data security, your company's reputation is hurt," he said. "In today's world, data security has to be both an IT and a business issue."