With the rapid implementation of new technologies within organizations, a lack of adequate IT security skills has highlighted the need for additional IT security training and certification, a new report says.
According to Frost and Sullivan’s 2011 (ISC)2 Global Information Security Workforce Study, a lack of skills has made many cybersecurity professionals unqualified to adequately secure organizations from threats by social-media, cloud computing, mobile devices and software applications. The IT security community admits further training is needed in these relatively new segments, which are already being deployed without security in mind, the report notes.
The largest skill gap is in cloud computing, with more than 50 percent of respondents reporting having private clouds and 40 percent using software-as-a-service. However, more than 70 percent admitted to needing more skills to adequately secure cloud technology.
The role of the cybersecurity professional is evolving along with the implementation of new technologies. Since software applications represent the top IT security threat to an organization, according to the report, security professionals are increasingly being asked to be a part of the software development cycle. During the software development cycle 81 percent of respondents indicated they were involved in design, 75 percent in requirements, 71 percent in testing and 70 percent coding implementation. Mobile devices represent the second highest threat.
Overall, the job outlook for cybersecurity pros looks good, with an estimated 2.28 million IT security professionals employed worldwide in 2010. That number is expected to nearly double to 4.2 million by 2015. The importance of security certifications for hiring IT security pros is high, with 90 percent of participants involved in hiring IT security staff saying it was very important or somewhat important. The top reasons to hire a certified IT security professional were competence (69 percent), quality of work (54 percent), regulatory requirements (48 percent), company image or reputation (45 percent), customer requirement (41 percent) and company policy (39 percent).
“Certifications will continue to be an important differentiator as the number of professionals necessary to effectively secure organizations continues to increase,” the report stated.
The report was based on a survey of 10,413 information security professionals.