Full Report
A new global study from SANS and GIAC finds that the cybersecurity workforce crisis may be more misunderstood... The post New SANS/GIAC study finds cybersecurity skills gap, not talent shortage, at core of workforce crisis appeared first on Industrial Cyber.
Analysis Summary
# Industry News: Skills Gap, Not Shortage, Defining Cybersecurity Workforce Crisis
## Summary
A new SANS/GIAC study reveals a significant industry shift in addressing the cybersecurity workforce crisis, indicating that the core issue is a **skills gap**—having the wrong skills—rather than an absolute talent shortage. Organizations are now prioritizing investment in targeted skills development and internal training over simply increasing headcount, with technical capability and attitude rankings overtaking traditional credentials in hiring decisions.
## Key Details
- **Date:** April 14, 2025
- **Companies Involved:** SANS, GIAC
- **Category:** Market Analysis / Workforce Study
## The Story
The 2025 Cybersecurity Workforce Research Report by SANS and GIAC, based on surveys of nearly 3,400 cybersecurity and HR managers, refutes the popular narrative of a critical talent shortage. Instead, 52% of leaders point to a deficiency in having personnel with the *right* specialized skills for current roles. This finding signals a major inflection point where organizations are moving away from aggressive headcount expansion and focusing deeply on internal skills enhancement, strategic collaboration between HR and security teams, and developing formal career paths. Notably, the study confirms that **validated technical skills** are now the most critical hiring metric, closely followed by certifications, while soft skills like adaptability and teamwork are increasingly non-negotiable.
## Business Impact
### For the Companies Involved
- **SANS/GIAC:** Positions them as definitive thought leaders defining the next evolution of cybersecurity training and certification strategy, driving demand for their upskilling programs.
### For Competitors
- **Training & Certification Providers:** Competitors must realign their offerings to emphasize demonstrable, job-ready technical competencies and soft-skill integration, rather than just broad certification coverage.
### For Customers
- **Hiring Organizations:** Can rationalize current hiring struggles by focusing remediation efforts on internal training matrices and precise skill-gap analysis instead of engaging in an unwinnable competition for scarce general talent.
- **Job Seekers:** Need to prioritize demonstrable technical execution and positive career attitude over accumulating non-specific academic degrees or legacy credentials.
### For the Market
- **Workforce Strategy:** Indicates a maturation of the industry where investment shifts from volume to quality and relevance of skills. This validates the creation of specialized roles and targeted educational pipelines (e.g., OT security, cloud governance).
## Technical Implications
The finding that technical capability has overtaken experience suggests a growing recognition that specific, up-to-date technical skills are more valuable than tenure. Furthermore, the increasing value placed on attitude (adaptability, eagerness to learn) highlights the need for training programs that blend technical content with scenario-based problem-solving that fosters cultural fit and quick learning agility.
## Strategic Analysis
- **Market Positioning:** The industry is shifting from a reactive hiring spree to a proactive talent engineering model. Companies that invest heavily in internal mobility and continuous professional development will gain a strategic edge.
- **Competitive Advantage:** Organizations defining clear, skills-based career paths and prioritizing team culture (mentioned as crucial by 34% of respondents) will see improved retention, reducing long-term operational risk associated with high turnover.
- **Challenges:** The challenge for leadership is accurately mapping current technical debt and future technology roadmaps to required skills, which demands unprecedented collaboration between CISO offices and HR departments.
## Industry Reactions
- **Analyst Opinions:** Industry analysts are likely to view this as a healthy sign of market maturity, suggesting that the initial "panic hiring" phase is ending. The focus will now move to vendor solutions that facilitate skills gap analysis and internal mobility.
- **Expert Commentary:** Experts like Helen Patton emphasize that the shortage is contextual, not absolute, justifying investment in tailored career development over external recruitment drives.
- **Market Response:** Expect an increased focus from major vendors and consultancies on offering specific assessment tools and bespoke training partnerships designed to close identified skill deficiencies.
## Future Outlook
- **Predictions and Expectations:** We anticipate increased investment in vendor-neutral and vendor-specific technical training platforms. Furthermore, organizations will launch more formal internal rotation and mentorship programs aimed at transforming employees into needed specialists.
- **What to watch for:** Follow-up reports will likely detail which specific skill areas are most critically deficient (e.g., cloud security architecture, industrial control systems defense) and how companies are measuring the ROI of current upskilling initiatives.
## For Security Professionals
This is a positive time for skilled professionals. Focus efforts on acquiring validated, high-demand technical skills (which are valued most) and explicitly demonstrating a commitment to continuous learning and adaptability in interviews and performance reviews. Certifications that prove hands-on competence will carry significant weight.