The information security field continues to undergo double-digit growth and still faces a critical shortage of skilled professionals says the latest 2013 (ISC)2 Global Information Security Workforce Study.
Fifty-six percent of the 12,000 security professionals surveyed believe there is a workforce shortage, which brings with it job security. More than 80 percent had no change in employer or employment in the past year, and the number of professionals is projected to continuously grow more than 11 percent annually over the next five years. Having a broad understanding of the security field was the top factor for career success in the field.
Yet the cyber security industry isn’t attracting enough staff of sufficient quality to meet these demands, which is putting a strain on current professionals in the industry. IT security jobs remain in demand, but qualified professionals are in short supply.
“There is an apparent skills shortage in terms of the number of people that are required to actually provide advice and guidance on information security,” said John Colley, managing director of (ISC)2 EMEA. “First of all it’s impacting on the workforce itself – 71 percent said they felt under strain because they don’t have enough staff in place.” This affects a company’s ability to effectively respond to incidents and has a direct effect on the organization’s customers, the study found.
Application vulnerabilities rank the highest in security concern according to the study, while mobile devices are a close second. “(Application vulnerabilities exist) because IT doesn’t understand security, and security doesn’t get involved in software development,” said Colley. “Computer science graduates… should understand how to identify security requirements, how to design and architect security into systems, and how to code and test for security weaknesses.”
There are also big security concerns about the ability of protecting sensitive information with BYOD and cloud computing, the study found. A multi-disciplinary approach is required to address these risks. When it comes to cloud computing, organizations should balance the type of cloud environment with their level of acceptable risk and ability to control risk, the study recommends. For example, private clouds that enable an organization to have greater control in security risk management, are a good choice when it comes to the cloud.
Still, many cyber security professionals are pleased with their career. “Information security as a career is resilient,” said Colley. “It’s flourishing, pretty well paid, provides good job security, and has little movement other than career progression.”