惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

aimingoo的专栏
aimingoo的专栏
Google DeepMind News
Google DeepMind News
S
SegmentFault 最新的问题
Project Zero
Project Zero
D
DataBreaches.Net
I
InfoQ
L
Lohrmann on Cybersecurity
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
酷 壳 – CoolShell
酷 壳 – CoolShell
Stack Overflow Blog
Stack Overflow Blog
The Register - Security
The Register - Security
Recorded Future
Recorded Future
Vercel News
Vercel News
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
I
Intezer
The Hacker News
The Hacker News
F
Fortinet All Blogs
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
Help Net Security
Help Net Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Scott Helme
Scott Helme
T
Threatpost
爱范儿
爱范儿
N
Netflix TechBlog - Medium
D
Docker
云风的 BLOG
云风的 BLOG
C
Cisco Blogs
K
Kaspersky official blog
H
Help Net Security
S
Secure Thoughts
T
Threat Research - Cisco Blogs
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
Security @ Cisco Blogs
Cyberwarzone
Cyberwarzone
N
News and Events Feed by Topic
G
Google Developers Blog
Forbes - Security
Forbes - Security
博客园 - 三生石上(FineUI控件)
博客园 - 叶小钗
B
Blog
Google DeepMind News
Google DeepMind News
Recent Announcements
Recent Announcements
Simon Willison's Weblog
Simon Willison's Weblog
S
Securelist
P
Privacy International News Feed
Spread Privacy
Spread Privacy
The Last Watchdog
The Last Watchdog

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget TLS certificate lifetime changes: What CISOs must do now | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget A CISO Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget The OpenClaw security risks every CISO needs to know | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs Identity security for AI agents: The proliferation challenge How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan How to implement zero trust for AI Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print How cyber insurance helped with breach recovery -- or not News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of The push for digital sovereignty: What CISOs need to know Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to roll out an enterprise passkey deployment How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders RSAC 2026: Cyber insurance and the rise of ransomware Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Identity security at RSAC 2026: The new enterprise dynamics Meaningful metrics demonstrate the value of cyber-resiliency What to know about red team testing and the law News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
CISO
Mary K. Pratt · 2026-07-08 · via Search Security Resources and Information from TechTarget

The cybersecurity talent gap won't be solved by head count alone. CISOs need to fundamentally rethink how they recruit, how they retain talent and what skills they really need.

The cybersecurity talent crisis has moved from a simple numbers problem to a fundamental mismatch between what organizations need and what the workforce can deliver.

While 87% of organizations plan to expand their security teams this year, according to Fortinet Training Institute's "2026 Cybersecurity Skills Gap" report, the CyberSeek online data tool found that there are only enough available cybersecurity workers in the U.S. to meet 74% of employer demand.

As problematic as that data is, it doesn't encapsulate the full extent of the workforce challenge. Cybersecurity leaders are finding not only a shortfall in the number of cybersecurity professionals, but also a significant misalignment between the available skills in the market and those needed in enterprise cybersecurity departments.

Researchers from SANS Institute and GIAC called it "a widening skills gap that organizations struggle to close, even as they increasingly recognize that having the right abilities matters more than simply adding head count," in the "2026 Cybersecurity Workforce Research Report."

"The problem isn't a shortage in head count. We're never going to get the numbers we want to get. It's really more about getting the needed skills," said Brian Correia, director of global cyber workforce strategy and engagement at SANS.

CISOs must modernize their approach to recruiting workers. This involves moving away from a conventional search strategy and adopting one that creates multiple talent pipelines and emphasizes workforce development to ensure hires continuously learn the latest skills.

The impact of the security talent, skills gaps

Staffing challenges affect an organization's cybersecurity posture. Recent research from ISC2 found that 88% of organizations experienced at least one significant cybersecurity event due to cybersecurity skills shortages.

Such findings are particularly troublesome because the increasing use of AI -- both in SOCs and by malicious hackers -- is rapidly changing the types of skills needed by security professionals, putting organizations at even greater risk for incidents as they fall further behind in hiring.

"There are different skill sets needed in security due to AI," said Vikram Desai, senior managing director of cyber strategy, risk and architecture at professional services firm Accenture. "But people don't naturally have them. And very few organizations have training programs in place to help bridge this gap, so there is a giant gap between what is needed and the skills that job seekers present, and we [mistakenly] expect it to resolve itself."

Legacy practices hurt hiring

Desai called the belief that cybersecurity professionals should come fully skilled for existing positions a "legacy mindset." And it's not the only one -- plenty of other legacy recruitment strategies make it challenging for today's CISOs to fill open roles.

For instance, the blanket requirement for candidates to hold a bachelor's or master's degree is, according to Shawn Murray, former president of the ISSA, "an old-fashioned approach that's just not reasonable anymore." Moreover, he said security skills are evolving so quickly that a degree is no guarantee that a candidate has the skills needed at the time of hiring.

Others criticized conventional recruitment strategies that put HR teams or recruiting firms in charge of defining candidate requirements and screening. These processes lead to an unrealistically long list of skills and a misalignment with what the CISO actually needs from a new hire.

Experts said requiring candidates to have prior experience specifically in cybersecurity or IT is also unduly limiting. Murray noted that outdated recruitment and hiring practices can cause a chain reaction in a security organization, where understaffing that results from these practices puts more pressure on existing workers, who then experience burnout and quit, further depleting the team.

A new hiring paradigm

Researchers and CISO advisers identified the following hiring strategies that help CISOs find employees with the cybersecurity skills they need.

Looking outside security

Desai explained that workers of all kinds now have training in risk and security that, when coupled with a business background, can make them invaluable additions to a security team. "We're seeing leading CISOs shift to hiring cyber-savvy people who also know the business," he said.

CISO-led hiring

Another modern hiring practice involves the CISO leading recruitment and retention strategies, Murray said. He found that CISOs who identify the specific skills they need to fulfill their strategic missions, and then work with HR and recruiters to find candidates, are most successful.

Community partnership

Murray shared that leading CISOs also recruit from and develop partnerships with community colleges and training centers, recognizing that those institutions usually offer hands-on experience to students, making them ready to perform on day one at the job.

Retention

Good recruiting practices should be part of an overall talent strategy that includes retention. By ensuring people with the right set of skills are on staff, CISOs can build a bench of future security talent, avoiding the costs and training involved with new hires.

Hiring for technical skills

It's unlikely any candidate will have all the needed skills. Correia said CISOs shouldn't hold out for the perfect fit but rather seek candidates who demonstrate what he calls "technical capability," defined as meeting about 80% of the job's technical requirements. That approach, along with screening applicants for cultural fit and an aptitude for learning, enables CISOs to build teams for today and tomorrow.

Mary K. Pratt is an award-winning freelance journalist with a focus on covering enterprise IT and cybersecurity management.

Next Steps

Cybersecurity career path: A strategic guide for professionals

Dig Deeper on Security operations and management