New SANS report finds cyber talent crisis isn’t about headcount – it’s about skills

A new global study from SANS and GIAC highlights an evolving cybersecurity skills gap, shifting focus from headcount to having the right skills. It underscores the growing importance of training, certifications and strategic HR-cybersecurity collaboration to build and retain strong teams, helping organisations adapt hiring practices and close the skill gap.

A new global study by cybersecurity training provider, SANS Institute and certification body, GIAC, finds that the cybersecurity workforce crisis may be more misunderstood than ever.

In a sharp break from headlines focused on unfilled roles, the 2025 Cybersecurity Workforce Research Report reveals that 52 percent of cybersecurity leaders say the real issue is not the number of people but a lack of the right people with the right skills.

The study, based on insights from nearly 3,400 cybersecurity and HR managers, shows a clear shift in mindset. Organisations are no longer prioritising headcount growth. Instead, they are investing in skills development, internal training, and more strategic collaboration between cybersecurity and HR teams.

“My personal perspective is that we don’t actually have a talent shortage in cybersecurity,” said Helen Patton, former CISO and cybersecurity leader at Cisco. “The real issue lies in understanding the skill sets that are needed for the kinds of roles you have and finding the people who have those skill sets.”

The shift is not just philosophical. This year’s data confirms that technical capability has overtaken work experience and academic degrees as the most valued hiring qualification. Certifications now rank second, with hiring managers placing increasing value on validated, job-ready skills rather than resumes padded with credentials.

“A couple of years ago, it was 70 percent technical expertise and 30 percent attitude,” said Aus Alzubaidi, CISO at MBC Group. “Today, we’re approaching 25–75, where most of the profile is based on attitude. Adaptability and eagerness to learn are now non-negotiable.”

Workplace culture and flexibility also emerged as central themes in both hiring and retention. According to the study, 34 percent of organisations say working well within a team is the most important cultural value in a cybersecurity hire. Remote work, development programmes, and clearly defined career paths are now being recognised as competitive differentiators.

“We frame soft skills as power skills because, in cybersecurity, we’re here to build teams,” added Lynn Dohm, Executive Director of Women in Cyber Security (WiCyS). “Some of the best talent we’ve recruited came from accounting, education, and other unexpected places.”

The study also shows early signs that regulations like NIS2 and DORA are already shaping hiring practices. Nearly half of European organisations say their workforce strategies are now being influenced by privacy, compliance, and risk management mandates.

This comprehensive report, based on global survey responses from HR and Cybersecurity Managers, offers valuable insights on how these two work roles can collaborate effectively to build, develop, and retain high-performing cybersecurity teams.

 

Download the full report here and delve deeper into insights around:

  • How the cybersecurity skills gap is evolving and what it means for your organisation
  • The critical role of cybersecurity training and certifications in team development and retention
  • Effective collaboration strategies for HR and Cybersecurity Managers in the hiring process
  • Adapting to changing workplace values and how they impact hiring and retention
  • 8+ case studies from industry leaders like United Airlines, Cisco, IBM, Airbus, Middle East Broadcast Corporation, and more

 

Read more

Latest News

Read More

The financial impact of retention: Quantifying the full value of talent stability

20 July 2025

Health, Safety & Wellbeing

18 July 2025

When HR leaders face rising burnout and failing wellbeing programs, the real issue may lie deeper than KPIs. A trauma-informed lens reveals root causes—and offers...

Employee Engagement

18 July 2025

Discover how to transform employee engagement from a standalone HR metric into a powerful driver of business success. Employ actionable strategies to directly align engagement...

Newsletter

Receive the latest HR news and strategic content

Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

Latest HR Jobs

University of CambridgeSalary: £12,109 pa (based on FTE £28,381pa) plus pension and benefits

University of Oxford – Oxford School of Global and Area StudiesSalary: Grade 6: Point 1 £34,982- Point 7 £40,855 per annum (pro-rata for part time

HR Manager, HR Generalist, CIPD, Payroll Input, Your new company A forward-thinking Multi-Academy Trust – is seeking a proactive and highly organised HR and Payroll

Harper Adams University – Human ResourcesSalary: £35,116 to £38,249 per annum (pro rata for part time hours) Grade 8 (The point of entry will be

Read the latest digital issue of theHRDIRECTOR for FREE

Read the latest digital issue of theHRDIRECTOR for FREE