Cybrary Declassified

While there are over 285,000 unfilled cybersecurity positions in the U.S. alone, finding people with the right skills remains a critical challenge. This 2018 report, based on a survey of 3,100 professionals, explores the learning habits and preparedness of the workforce in an industry plagued by a talent shortage. We delve into why practitioners spend their own nights and weekends—and their own money—trying to level up in a field that moves faster than their training budgets.

The findings reveal a crisis of confidence: 80% of respondents do not feel adequately prepared to defend their organizations. This report rewards the click by unmasking the financial reality of training: half of all professionals pay for their own training out of pocket, and 60% must do it on their own personal time. Organizations that fail to pay for employee development may be actively contributing to the industry’s skills gap.

Crucially, the study identifies training as a high-value, low-resource activity that offers a clear ROI for security operations. Organizations that invest in role-specific training see a significant improvement in preparedness at both the individual and corporate levels. This report serves as a wake-up call for employers to prioritize the “Human Intelligence” that is essential to the future of modern digital business.

Key Findings

• Confidence Crisis: 80% of IT and security professionals do not feel adequately prepared to perform their duties in defending their organization.
• The “After-Hours” Gap: 60% of professionals report using their personal time for training, while only 13% conduct training during normal business hours.
• Out-of-Pocket Training: 53% of respondents pay for their own training; only 15% have all training expenses covered by their employers.
• Recruitment Struggle: Two out of three organizations admit that finding qualified cybersecurity professionals is a persistent struggle.
• Breach Prevalence: One-third of all surveyed professionals report that their organization has already experienced a security breach.
• Training ROI: Targeted anti-phishing and awareness training catapults organizational preparedness perceptions by over 30%.
• Hiring Veterans vs. Training: Company support for ongoing training displays a stronger effect on organizational preparedness than simply hiring veterans with 5+ years of experience.