Closing the Skills Gap: Staying Current in a Changing Workplace

By Robin Lyons, CISA, CIA

The Nexus  |  Monday, 10 December 2018

The cybersecurity skills gap has been a reality for organizations for several years and will be for the foreseeable future. The inability of organizations to close that gap is exacerbated by rapid evolution in the workplace. As organizations adopt new technologies, gaps are created between the new skills required of security personnel and the skills these practitioners currently hold. Practitioners can play an important role in addressing the skills gap by acquiring the skills needed to meet changing demands.

In ISACA’s State of Cybersecurity 2018: Workforce Development survey, respondents indicated that the greatest hiring demand is expected at the technical security level for individual contributors, not the management or executive level. Of those responding, 77 percent indicated increased staffing needed at this level whereas nearly the same number (76 percent) reported no additional staffing required at the executive or C-suite level.1

Balance Interpersonal Skills With Technical Skills

Given workforce diversity in age, gender, national origin, technical background and other factors, collaboration is indeed a critical interpersonal skill; however, it is not the only interpersonal skill required to futureproof a career in technology. Balancing interpersonal skills with technical skills will serve technologists in their current roles and continue to serve them as their careers progress.

Practitioners who aspire to positions at the executive level and beyond should develop public speaking skills; there is an expectation that executives should be adept at and comfortable with speaking in board meetings and to internal and external audiences.

Develop Skills That Can Be Objectively Demonstrated

Given the rapid pace at which new technologies are adopted, it is impractical to be an expert in all things IT. As a result, the technologist benefits from taking a tactical approach to skill development. In their current positions, technologists should ensure alignment of technical skills with their organizations’ strategic objectives. For example, if an organization has adopted a hybrid cloud strategy, a technologist should have a solid understanding of capabilities and challenges of public cloud vs. on-premise cloud solutions.

Enhancing knowledge through selected readings or online tutorials may be ways to develop skills for these scenarios. Depending on the technologist’s role, that may be sufficient.

Should the technologist want to be viewed as a subject matter expert by the organization, however, objective demonstration of skills may be a better path to take. Objectively demonstrating a skill can be achieved through practical work experience in the subject area. Alternatively, objective demonstration of skills can be shown through certifications; a certification demonstrates a skill set whereas a one-off course demonstrates proficiency. Practitioners should ensure that the certifications pursued are recognized and appreciated in their industries as well as by their organizations.

Build and Maintain Partnerships Around Emerging Technologies

Leveraging participation in professional organizations and reading e-publications from groups that report on emerging technologies are ways for practitioners to learn about new technologies.

Awareness of new technologies is critical as it allows practitioners to consider if there is a suitable fit for the technology in their organizations. If so, the practitioner has lead time to consider any challenges should the technology be considered and develop possible solutions to those challenges. Similar to monitoring emerging technologies, practitioners should develop a way to monitor pending compliance requirements. Developing an understanding of those requirements enables the technologist to analyze how existing technology and new technology can support new compliance requirements.


The rapid pace of change in the workplace makes this an exciting time to be an IT practitioner. The need to acquire new skills at a fast pace adds an element of challenge to the excitement. Armed with a tactical plan to align skill development with the organization’s strategic objectives, to remain cognizant of the importance of interpersonal skills, and to leverage internal and external professional relationships to monitor emerging technologies, practitioners can meet the challenge of developing skills that keep pace in rapidly changing environments.

Editor’s Note

This article is excerpted from an article that appeared in the ISACA Journal. Read Robin Lyons’ full article, “Skills Acquisition in a Rapidly Evolving Workplace,” in volume 6 2018 of the ISACA Journal.

Robin Lyons, CISA, CIA

Is a technical research manager in ISACA’s Knowledge and Research department. In that role, she contributes thought leadership by generating ideas and deliverables relevant to ISACA’s constituents. She partners with Learning Solutions as a subject matter expert on audit and CSX-related projects. She also writes audit programs, narratives and blogs, and leads projects when any of these functions are cosourced with external resources. Prior to joining ISACA, Lyons was a Payment Card Industry (PCI) subject matter expert for a Fortune 200 corporation and the internal audit director for an institution of higher education.


1 ISACA, State of Cybersecurity 2018: Workforce Development, USA, 2018