I know a number of young adults who recently graduated from college with degrees in IT security. With all the news about hacks into large corporations and government agencies, as well as the warnings about the threats to the critical infrastructure, it appeared this was the one field that was recession-proof. Yet, all of those young adults struggled to find jobs. The reason in many situations was twofold – a slim budget for cybersecurity and/or management shrugging off the need for good security.
The need for good cybersecurity professionals across all industry is going to increase, with the new Executive Order and the escalating number of high-profile attacks. But right now, there is a serious deficit of security workers. (ISC)2 released its sixth Global Information Security Workforce Study sponsored by Frost & Sullivan that found information security careers are stable and salaries are rising, but the global shortage of professionals is causing a major ripple effect on the global economy.
The study was comprehensive, surveying 12,000 security professionals globally. Some of the highlights (or lowlights, depending on your perspective) included:
- The majority of respondents, including CISOs and top executives, feel their security organizations are short-staffed. As a result, their security incident preparedness and ability to discover breaches has dropped.
- Application vulnerabilities (69%), hackers (56%), hactivists (43%) and cyber-terrorism (44%) are among the top concerns of respondents.
- Brand damage, customer privacy violations and service downtime are the top security priorities.
- Newer technology challenges with BYOD, cloud computing and social media are also adding to the pressure felt by security professionals.
According to ComputerWeekly, Mark Weatherford, deputy under-secretary for cybersecurity at the U.S. Department of Homeland Security, made comments at that Cloud Security Alliance Summit at this week’s RSA meeting that mirrored (ISC)2’s findings. Weatherford said part of the reason is that there aren’t enough people with the right skills, that the problem is a shortage of qualified security workers. I can’t argue with that, but I do wonder, if that is the case, why are so many new graduates in security struggling to get hired?
I’d like to see guys like Weatherford go to colleges and high schools and tell young people what he told a group of security professionals and security journalists. Those folks are already in the game. To attract new talent, you have to give young people a clue what skills they’ll need and what it takes to get their foot in the door.
Rather than lament the lack of skilled security workers, reach out to better attract them into the profession. And be willing to take a chance on the ones fresh out of school.