For the sixth straight year, (ISC)2 has released its Global Information Security Workforce Study (GISWS), based on surveys completed by over 12,000 security professionals. As expected, the big take-away is that there is a huge shortage of information security professionals, especially for those in the highly-selective government sector. The advice … get them while they’re young so they don’t get led astray.
Here are the key findings according to the report (with some of our thoughts in italics).
- Secure software development, more than any other discipline, is where the largest gap between risk and response attention by the information security profession exists.
- Information security is a stable and growing profession. (Did we really need a study to prove this?)
- (ISC)2 membership and location drive higher salaries. (Yep, get your CISSP today and you’ll make more money! A little self-serving, no?)
- Even with past annual growth in the double-digits, workforce shortages persist.
- Knowledge and certification of knowledge weigh heavily in job placement and advancement. (This should not be the case but unfortunately certification is a necessary evil to meet many government requirements and get past HR. Again … this take-away seems to be a little self-serving.)
- Application vulnerabilities rank the highest in security concern. (Makes sense… Most network devices, OSs, and supporting infrastructures [e.g., databases, web servers, etc.] are well documented from a hardening perspective. It’s the one-off applications that are causing most of the problems.)
- While attack remediation is anticipated to be rapid, security incident preparedness is exhibiting signs of strain.
- Information security professionals trump products in securing infrastructure effectiveness. (We wish this wasn’t the case. Ideally properly trained and motivated “people” should be #1. This is one area where we need to change.)
- Security concern is high for BYOD and cloud computing.
- New skills, deepening knowledge, and a wider range of technologies are needed.
But don’t take our word for it. Get the full report over on the ISC2Cares.org website. Also, here are some other interpretations of the report from a few news sites and blogs.
- “Shortage of infosec pros equals frequent and costly data breaches” – Net-Security.org
- “You Call This an Army? The Terrifying Shortage of U.S. Cyberwarriors.” – NationalJournal.com
- “RSA 2013: (ISC)2 report says shortage of skilled infosec pros hurts economy” – CSOOnline.com
Any comments on the key takeaways? Let us know in the comments below. Today’s post pic is from SeekLogo.com.