The Perfect Storm: Lack of Security and Cloud Skills

Blog AWS Security Cloud Security

It is a fact that the security industry suffers from a chronic shortage of skilled employees. This global shortage, which ISC2 estimates at 4 million professionals. The global workforce is estimated at 5.5 million people, meaning it nearly needs to double itself to keep up with growing demand.  This is so profound that 71% of organizations report that the cybersecurity skills shortage has impacted them, making it difficult for cybersecurity professionals to do their job.

But wait. There’s more. As if the security skills gap was not challenging enough, organizations now need to address a similar problem in an adjacent field of cloud computing. The rapid adoption of cloud technology demands many more skilled professionals in this field. Sadly, in this case too, the demand greatly exceeds the supply, and the shortage is effecting nearly all organizations. According to a recent survey, nearly all (98%) of global organizations are facing a cloud skills gap. So, when discerning these two trends we can clearly identify that the most acute shortage lays in the converging point between traditional security and the cloud.

What are the immediate implications of this shortage?

This shortage is impacting organizations in different ways. Shortage of security professionals tends to impact the “here and now” while shortage of cloud professionals usually impacts future plans and activities.

Shortage in security personnel creates load on existing security teams. This leads to mistakes and security breaches. It is forecasted that by 2025, lack of talent or human failure will be responsible for over half of all significant cybersecurity incidents. This increased load on existing teams accelerates churn and burnout. It is also detrimental for adopting new products and technologies that could improve security posture.

Shortage in cloud personnel results in slower adoption of cloud technologies, imperfect adoption of security procedures and products (about 25% organizations reported insufficient expertise and training to implement cloud security effectively) and the result is more errors which lead to more security incidents.

What should be done?

Expecting the academia, government or the industry to suddenly produce the required number of trained professionals is naïve (even though the US government is working to address this issue with its recently published “National Cyber Workforce and Education Strategy” and budget allocation). Instead, organizations need to rethink their security and cloud strategies. Instead of thinking of these as two different silos, a single “Cloud-forward” strategy should focus on cloud adoption while maintaining adequate security levels and leveraging the existing manpower. Then, organizations need to adopt security measures that reduce load, that proactively seek and repair vulnerabilities and misconfigurations, and allow even junior analysts to make informed decisions in real-time. Oh- and these products need to be installed and implemented in a breeze- otherwise, there will be no one who could use them.

Summary

With time, security professionals will become cloud security experts. It will happen because most of the systems they will work with will be operating in cloud environments, and because these professionals will see this is a way to “future-proof” their careers. Nearly half of security professionals today see cloud security as the most sought-after skill for career advancement. In the future, security professionals will probably by synonymous with “cloud professional”. But until this happens, organization must acknowledge that the shortage exists, that it’s not going to be resolved anytime soon, and that implementing the right technology today can great reduce the inherent risks of understaffed, underqualified, overworked security teams.

With this in mind, organizations should incorporate automation and AI-based security platforms into their cloud security. Skyhawk Security’s AI-based autonomous purple team continuously analyzes customer cloud infrastructure, proactively runs attack simulation against it and uses the results to prepare verified detections, validated automated response and remediation recommendations to ensure the cloud has the most up to date security defenses in place. This continuous protection process includes learning and automated adaptation of threat detection methods.

Blog

This blog was written by Asaf Shahar, VP, Products at Skyhawk Security The UK Information Commissioner’s Office (ICO) recently fined Liverpool-based law firm DDP Law £60,000 following a ransomware attack that exposed highly sensitive criminal case data. The investigation revealed

AICloud BreachData BreachLLMsThreat Detection
Blog

Skyhawk Security is at the collision of two trends within cloud security – for more than a decade it is clear that the cloud is perimeter less, attackers are logging in and not breaking in, and in addition, threat actors

AICloud BreachData BreachLLMsThreat Detection
Blog

In an increasingly cloud-dependent business landscape, a disturbing trend has emerged that threatens the very foundation of cloud security: credential theft. Recent incidents and reports indicate a dramatic surge in credential theft attacks and subsequent abuse. This indicates potentially devastating

Blog

For the second year in a row, Skyhawk Security stands out in a competitive market! The organization is proud to announce that it has been named a finalist in the 2025 Cloud Security Awards program in two categories: Best Cybersecurity

Blog

Skyhawk Security started in the 3rd generation of Cloud Threat Detection and Response (CDR) platforms at its inception in May of 2022, supporting AWS, Azure, and Google Cloud to deliver a robust Preemptive Cloud Security Platform. The several layers of

Blog

In recent Gartner® research, Emerging Tech Disruptors: Top 5 Early Disruptive Trends in Cybersecurity for 2025, it is noted that there will be a shift from detection and response to preemptive cyber defense using key AI-advancements like Simulation Digital Twins.

See the Purple Team
See the breach before it happens
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.