Identifying Team Risks through a Comprehensive Skills Gap Analysis

A skills gap analysis will help you identify what security training is necessary and for whom in your organization.

The cybersecurity industry is currently caught in the middle of a vicious cycle. With the digital transformation and adoption of innovative technologies comes an increasing number of Internet-connected devices, resulting in more vulnerabilities being uncovered. These cyber exposures offer the growing number of adversaries new ways to profit from security flaws they’ve exploited. As the threat landscape expands, primarily due to innovative technologies and the aforementioned adversaries, the demand for security professionals grows. Unfortunately, the security workforce is not scaling at the same pace as their adversaries, making it that much more difficult for cyber and IT security teams to keep up with the threats.

And the gap keeps growing…as of November 2019, the estimated current cybersecurity workforce includes 2.8 million professionals, while the amount of additional trained staff needed to close this gap is approaching 4.1 million professionals, according to (ISC)2.

Specifically in cybersecurity, addressing the talent and skill gap problem can actually increase risk. When people are out of the office in traditional training programs, they are unavailable to perform their day-to-day duties. One way to mitigate this issue is effectively using on-demand training on specific skills that can get your team where they need to be. But before considering training, it’s critical to identify what training is necessary and for whom – which can be achieved through a skills gap analysis. 

A 360º Skills Gap View

A skills gap analysis allows you to take a holistic view of your team and their capabilities, assess their skill levels, and prioritize your approach to training. It allows team leaders to ask, “Where does my team fall?” and “What are the priorities for this team to succeed?” or being able to accurately determine that your team is capable from a production perspective. If you’re a manager, an assessment like this also lets you see how your team operates in ways you may not have known or didn’t initially realize were important. Essentially, it allows you to calculate risk. 

So what are the risk factors associated with the team’s skillset? There are a few ways to determine risk. Having a small number of people who are great at one thing is great for productivity on the respective project, but what are the chances that they are unavailable during your project timeline? Or worse – during an emergency incident? Skill gap analyses can inform a risk score through two parameters: the team’s level of expertise in a skill against how proficient it should be, and then how many people on the team meet or exceed that level.

You’ve Got A Score, Now What?

A skills gap analysis is a good starting point, but you need to know how to use this information. The results of your skills gap analysis will allow you to make informed decisions about your team dynamics. To fill in the gaps, do you need to hire/transfer to cover a particular area, should you outsource to fill a gap, or can you skill-up current team members? Chances are it is a combination of training and building out your team. With a skill set assessment, you can then better prioritize and align your team to tasks and projects.

Accurately assessing the available resources allows technology teams to better understand where there is room for improvement. Additionally, it allows teams to screen candidates by comparing them against the current team to make sure they are complementary and avoid potentially overlapping roles. From an onboarding perspective, you can set the baseline at which new hires should be starting in order to integrate into the team quickly. By knowing what the team is good at or where individuals’ interests are, team leaders can provide the right opportunities to keep employees engaged and satisfied with their work, and ultimately their careers. Finally, you can more easily communicate the strengths, progress, and areas of growth to the C-suite and inform decision-makers on the bandwidth available for future innovation or growth.

There are many seats to fill in cybersecurity and there’s no one way to fill the talent void. You can, however, make the most of your available resources by knowing how to employ them in an effective and productive manner. If IT and security teams are effectively engaged, productivity will improve, burn out will decrease, and team success can be not only communicated but celebrated at all levels of the organization.

Mike Gruen

Mike Gruen is VP of Engineering/CISO for Cybrary.


Mike Gruen is VP of Engineering/CISO for Cybrary.