In the age of digital everywhere, there is an incredible reliance on data and information spanning all company sizes and industries. As a result, vulnerability to cyberattacks is at an all-time high, underscoring the importance of cybersecurity. Many organizations are reinforcing their defenses with structured patch management services as a foundational step within broader cyber programs.
Summary
- This article underscores rising cyber risk amid a widening cybersecurity talent shortage that delays hiring and strains organizations.
- It calls for a multi-pronged workforce strategy—targeted recruiting, training, and development—paired with foundational technical measures such as structured patch management.
- Genesis10 details its turnkey patch management services and partnership with HolistiCyber to provide assessments and roadmaps to address security gaps.
- Industry research (e.g., Marsh survey) confirms cyberrisk is a top management priority, with many firms conducting assessments and emphasizing employee awareness.
Series Background
In the first of a series of cybersecurity articles, The Elephant in the Room: Cybersecurity Threats Pervasive, Yet Opportunities Prevail, Matt McBride described recent incidents of cybercrime and the devastation they caused. He shared information about Genesis10's experience working with organizations to build cybersecurity programs to help shore up their cyberdefense capabilities.
A second piece, Demand for Cybersecurity Grows as Skills Become More Challenging to Recruit, examined the growing talent shortage for cybersecurity specialists, highlighting the importance of creating a multi-pronged cybersecurity talent acquisition plan to attract but also build workforce capabilities through training and cybersecurity workforce development initiatives that include cybersecurity training and awareness.
The Widening Cybersecurity Talent Gap
From our experience, we see that the supply of qualified specialists needed to protect our nation's technology infrastructure is not keeping pace with demand. Research by PwC shows the cybersecurity workforce gap will widen to 1.5 million job openings by 2019, up from 1 million last year. This persistent cybersecurity skills gap is fueling a broader cybersecurity talent shortage. With the nation hovering at near full employment, it has become increasingly difficult to find resources with the skills needed to protect an organization from an attack:
- Businesses are experiencing significant delays of more than six months to fill IT security job vacancies.
- Half or more of cybersecurity job applicants are unqualified.
- In the U.S. every year, employers are failing to fill 40,000 information security analyst jobs.
- The shortage puts a strain on current information security professionals and their organizations, complicating hiring.
The Evolving Profile of Security Hires
“The profile of a security hire has transformed along with development practices and modern infrastructure,” notes Martin Rues, CISO at Outreach Corporation in a piece, Building the Next Generation of Cybersecurity Talent. “Today we require personnel with technical expertise [and] the ability to communicate across the business and balance the needs of multiple stakeholders, from product line managers to ops teams. Candidates need a combination of DevOps, security, and cloud experience.”
The talent market is tight and the cyberthreats continue to change, requiring professionals to keep pace.
Turnkey Patch Management Services
To support our clients, Genesis10 has a turnkey patch management capability to address and shore up known hardware or software vulnerabilities. These patch management services complement broader resiliency initiatives.
Partnership with HolistiCyber
Recognizing cyberrisk as a top management priority, Genesis10 has expanded our ecosystem and partnered with HolistiCyber, a U.S./Israeli cybersecurity consultancy firm that provides nation-state level expertise in cybersecurity to both the public and private sector. For our clients, HolistiCyber will provide cybersecurity advisory services, starting with delivering vulnerability assessment services. Based on the assessment, HolistiCyber will develop a roadmap and go-forward strategy to shore up identified security gaps to include developing a comprehensive sustainability plan.
Industry Research Insights
In August 2018, Marsh released the Global Cyber Risk Perception Survey which provides a lens into the current state of cybersecurity risk management at organizations around the world. Marsh's survey captured the views of more than 1,300 risk professionals and other senior executives globally, representing 26 industry sectors. It found that “nearly two-thirds of survey respondents said that cyberrisk is among their organization's top five risk management priorities.” Within the past 12 to 24 months, the executives surveyed shared that 69% have conducted a cybersecurity assessment to assess and identify cyberrisk as well as to outline a plan of action starting with employee cybersecurity education and awareness training.
Q&A
Why is a cybersecurity and workforce strategy necessary now?
Answer: Organizations rely more than ever on data and digital systems, making them increasingly vulnerable to cyberattacks. At the same time, a widening cybersecurity talent shortage delays hiring and strains existing teams. The article argues that companies need a plan that pairs foundational technical measures—like structured patch management—with a multi-pronged workforce strategy to recruit, train, and develop cybersecurity talent.
What is structured patch management, and why is it foundational?
Answer: Structured patch management is a disciplined process for identifying, prioritizing, and applying updates to hardware and software to remediate known vulnerabilities. Because many breaches exploit known flaws, consistent patching is a fundamental defense that reduces risk quickly and complements broader resiliency initiatives and cyber programs.
How has the profile of a cybersecurity hire changed?
Answer: Beyond deep technical skills, modern security roles demand the ability to communicate across the business and balance stakeholder needs. Candidates increasingly need a mix of DevOps, security, and cloud experience, reflecting shifts in development practices and infrastructure.
What hurdles are organizations facing in hiring cybersecurity talent, and how should they respond?
Answer: Companies face long hiring cycles (often over six months), a high proportion of unqualified applicants, and persistent vacancies (e.g., 40,000 unfilled U.S. information security analyst roles annually). With a broader workforce gap projected into the millions, the article recommends a multi-pronged approach: targeted recruiting, training and development programs, and ongoing cybersecurity awareness to build and sustain internal capabilities.
What services do Genesis10 and HolistiCyber provide to help reduce cyber risk?
Answer: Genesis10 offers turnkey patch management services to remediate known vulnerabilities. Through its partnership with HolistiCyber, clients receive cybersecurity advisory services starting with a vulnerability assessment, followed by a roadmap and go-forward strategy to close identified gaps, including a comprehensive sustainability plan.
What does industry research say about cyber risk priorities and actions?
Answer: Marsh’s Global Cyber Risk Perception Survey found that nearly two-thirds of respondents rank cyberrisk among their top five risk management priorities. In the prior 12–24 months, 69% conducted a cybersecurity assessment and emphasized employee cybersecurity education and awareness as part of their action plans.