Cybersecurity is a career that is increasingly broadening in scope as cybercriminals test the skills and resilience of security professionals by constantly changing and improving their attack tactics. In 2017, for example, there was a doubling of cybersecurity incidents; just when we think it can’t get any worse, it does (1).
This broadening of the scope of the cybersecurity industry is creating a skills gap. A 2017 study by (ISC)2 has identified a 1.8 million shortfall of cybersecurity workers by 2022 (2) This is driving a need to look outside the perhaps more traditional view of what a security professional looks like and the pathway they must take to enter the industry.
Why does this shortage of security professionals exist?
The (ISC)2 report tries to answer this question. After all, cybersecurity is a lucrative profession, with an average salary of $100,157 for male security analysts (although their female counterparts do earn less). (3) The report found a number of general reasons for the shortfall:
- Lack of qualified personnel
- Leadership not understanding the need for security workers
- The wrong business conditions
- Difficulty in keeping security workers in an organization
- No clear security pathway
The last item on the list above is particularly interesting when you consider another finding in the report: globally, 87% of security professionals did not start in cybersecurity, but came in via another career. (I myself came into this industry from a previous career as an analytical chemist.)
Further issues in the industry compound the above operational problems in recruiting enough cybersecurity professionals. Historically, there has been a view of the industry as being highly technical; you can only work in this industry if you are a programmer. This is becoming increasingly not the case, as cybersecurity takes on a more ‘human-centric’ emphasis, (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/VJLVFVD9RBE/