The Crippling Talent Crisis in the IT Security Industry - The Way Forward
For organizations around the world, the one factor that still remains a concern is that of protecting confidential information from unauthorized sources.
While there are IT security technologies that can help, they will not make a difference unless there is complete cooperation among the security personnel, the system administrators, the management, and the employees towards effective implementation of such security measures.
Thus, throughout its tenure, an organization will always face major security-related challenges. A hacker attack will lead to the loss of not only all the confidential documents, but also the reputation of the organization and the faith of the customer.
And now, there is something going terribly wrong in the IT security industry that is putting all of us at risk.
Wondering what it is?
The next major security crisis is not an attack – it is the lack of ability to respond to or diminish attacks.
Well, it’s because there is not much talent available to do it.
As the volume and the sophistication of cybercrime methods continue to rise, the army of IT security professionals has suffered a huge blow. There has been a drastic decrease in the ability of IT professionals to counter them, or even address them. Most organizations around the world do not have the resources to consistently monitor their networks, determine how they are infiltrated, and counter attacks.
Companies are thus in danger of losing this security battle simply because of the shortage of manpower.
Finding more security professionals isn’t going to be the only solution – companies will have to create them.
“The State of Cyber Security: Implications for 2015” – A Brief of the Survey
In the US, leaders from the government as well as the private sector are constantly reiterating the statement that cyber security is everybody’s business.
However, the problem is there is no workforce to address this challenge.
ISACA teamed up with the RSA Conference to conduct a study called ‘The State of Cyber Security: Implications for 2015’, which details insights into this challenge. The survey used a sample of 649 global cyber security and IT managers and practitioners. Their insights were collected to understand the depth of the challenge, as well as the potential pitfalls and areas of focus.
77% of the respondents said that they had experienced an increase in the number of attacks in 2014.
82% of the organizations expected that they would be attacked in 2015.
And the most alarming finding of them all – less than 50% of the sample believes that their current security team has the ability to detect as well as respond to such incidents.
Plain and simple – there is an insufficient number of skilled and qualified professionals around the world who can protect customers and organizations.
Key Statistics – Shocking Numbers in the World of Information Security
Burning Glass, a Boston-based labor analytics firm, showed data that highlights the spike in demand:
From 2007 to 2013, cyber security job postings grew by 74%, twice the growth rate of all IT jobs combined.
The labor pool, however, is yet to catch up.
US employers posted around 50,000 jobs requesting candidates with CISSP credentials in 2013.
Only 38% of ISACA members believe that their organization is ready for a sophisticated cyber-attack.
According to Robert Half Technology (RHT), in 2015, the average IT salary is said to have climbed by 5.7%.
Five out of six security titles in RHT’s annual salary guide are getting larger-than-average bumps in pay for new hires:
The same study notes that certifications will drive starting salaries higher. Under security, the CISSP certification adds 6% on average, Check Point Firewall administration skills are worth a 7% bump, Cisco network administration skills add 9%, and Linux/Unix administration skills add 9% to starting pay.
According to the 2015 Global Cybersecurity Status Report, which surveyed more than 3,400 ISACA members in January, 92% of those hiring cyber security professionals this year say it will be difficult to find skilled candidates. Another 53% of organizations plan to increase cyber security training for staff in 2015, while only 9% say they do enough security training already.
The Reason behind the Problem
1. The Internet of Things
The nature of cyber-attacks is changing drastically. Initially, the most common target was email, such as messages from ‘banks’ asking for account details. Other scams included ones where people were informed they were going to receive a large sum of money but had to send some cash first.
With technology getting more and more sophisticated, the attempts by criminals have outpaced the ability of security professionals.
With the advent of the internet of things, more and more devices are beginning to get connected to the internet. And with this comes a shortage of resources to support them. “So the surface of the attack has become increasingly greater,” says Jeanne Beliveau Dunn, VP & GM of Learning@Cisco. “The challenge of a security team has gotten significantly greater and will continue to. By 2020, there will be 50 billion devices that will be connected to some network.”
The shortage of security talent makes this problem much worse. Though budgets are generous, CIOs are struggling to find and hire people with security skills that are up to date. “This year”, says John Stewart, chief security officer and SVP at Cisco, “the industry is short more than 1 million security professionals across the globe”. Also in short supply are security professionals with data science skills. These professionals are in high demand, since understanding and analyzing security data helps improve alignment with business objectives.
2. The Hiring Crisis
There is a huge hiring crisis in cyber security. Organizations everywhere are desperate to find qualified security professionals and fill key staff positions. According to the 2015 Global Cybersecurity Status Report, which surveyed more than 3,400 ISACA members in January, 92% of those cyber security professionals say that it is difficult to hire or even find skilled candidates. 53% of the organizations planned on increasing their cyber security training in 2015; however, 9% say they have enough security training.
“There are currently over a billion dollars’ worth of unfilled positions globally,” says James Arlen, director of risk and advisory services at Leviathan Security Group, a Seattle-based company that provides integrated risk management and information security to Fortune 100 companies and governments.
A report by Burning Glass Technologies suggests that security job postings grew by 74% from 2007 to 2013 and that security jobs take close to 24% longer to fill than regular IT jobs. The Cisco 2014 Annual Security Report estimated that the information security industry will be “short more than a million security professionals across the globe” in 2014.
This IT security crunch has come at a time when private and government sector employers are frantically looking to fill positions in the wake of cyber security threats, data breaches, widespread vulnerabilities like Shellshock and Heartbleed, and expanding compliance mandates. An (ISC)²/Frost & Sullivan white paper has stated that more than 56% of organizations do not have the necessary security staff to manage security threats.
3. Training and Development
Most organizations have underinvested in training their security staff. There are many ways to increase the pool of security professionals with the help of training and development. Several training organizations are now looking to target former military personnel who have worked in the IT area.
What skills matter most?
When it comes to filling positions in cyber security, there are various views about the “certification vs. experience” factor. The bottom line, however, is that security professionals will need to demonstrate certain specific skills which may not be as valued in other career paths.
IT professionals may know a lot about the various aspects of security, but often lack a broad perspective. The key aspects for a successful career in cyber security include:
- The skills to find solutions, troubleshoot and find the source of problems.
- The ability to think critically.
- The willingness to do things differently and influence others to try out different things.
- The ability to implement change and help organizations adapt to a new security challenge or requirement.
But there’s a ray of hope! As we speak, schools are graduating more and more security professionals. Technology vendors around the world are working towards making security technologies a lot more comprehensive, and easier to use. The MSSPs are expanding services and helping their clients protect themselves.
Are you among those who need up-skilling? Simplilearn offers world-renowned and accredited IT Security training courses in CISSP, CISA, CEH, and many more.
The world needs your expertise. So get out there and get certified, today!