The security industry is at a critical crossroads.To understand the current situation This is a recent report Released by the International Information System Security Certification Consortium (ISC)2.
“Perfect storm”
As they state in their executive summary, “Our research highlights the perfect storm of economic uncertainty, rapidly emerging technology, fragmented regulation, and an ever-widening workforce and skills gap. The results show that this is creating significant uncertainty for professionals tasked with protecting the world’s infrastructure and protecting systems from attacks.” Their conclusion? “Cybersecurity talent needs more support and investment from public and private sector leaders.”
To support that point, they studied the most prominent and geographically diverse group ever. He surveyed 14,865 cybersecurity professionals from across Africa, Asia, the Middle East, North America, Europe, and Latin America.
Let’s take a quick look at the statistics that are worth following in the report.
- 67% said they don’t even have enough staff to troubleshoot security issues.
- Only 52% believe their organization has the resources needed to stay secure over the next two to three years.
- 58% believe they are trying to counteract the effects of the labor shortage by increasing the skill levels of their workforce.
- More than one in five (22%) cybersecurity professionals have experienced temporary or secondary layoffs.
- Approximately 40% are approached by malicious actors who want to leverage their insider status or learn about someone who is an insider.
Notably, skills shortages and labor shortages are two of the major contributing factors to this “perfect storm.” However, what is interesting is that 67% testify that lack of the necessary skills is the worse of the two. Understanding that could give workers an advantage before diving headlong into the industry.
Report contents
This just scratches the surface, but here’s an overview of the most common topics.
Workforce Gap | Despite the global increase in cybersecurity talent, demand still outstrips supply. It’s interesting to note that this year, that gap has widened by 12.6%, and 31% of cybersecurity professionals still expect further cuts to occur.Comprehensive cyber security The workforce gap stands at around 4 million workers, and the only region surveyed that is not at risk is the Middle East.
Current status of cybersecurity human resources | Focusing on the impact of layoffs, the survey found that almost half (47%) have been affected by some form of cybersecurity-related downsizing. Retrenchments, budget cuts, hiring and promotion freezes. Perhaps due to Hollywood’s recent writers’ and actors’ strikes, the entertainment industry has experienced the most cyber layoffs. He has the least military experience.
Culture and DEI | One year after introducing the Employee Experience (EX) assessment, (ISC)2 finds that most cybersecurity professionals are satisfied with their jobs despite significant industry disruption . Although morale has declined due to staff reductions, the majority report a “passion for cybersecurity work in general.” On the DEI side, 69% believe an inclusive environment is essential to a team’s success, with the number of non-white and female workers increasing as they get younger. Therefore, the most diverse age group in this field is the “under 30” age group.
New career path | One of the good things about getting out of a skills gap is rushing to fill it. 80% agree that there are more paths into the industry than ever before. Nearly 60% report seeing an increase in applicants with technical experience (no cybersecurity experience), and new hires (within a year) already have a bachelor’s degree in the field. 14% more likely. What’s the biggest reason why the “happiest” workers enter cybersecurity? The ability to work in an ever-evolving industry. What motivated the least satisfied person to make the switch? “The company restructured and I was thrust into a cybersecurity role.”
Skills in demand | Almost half (47%) of all security professionals believe cloud computing security is the most sought-after skill for people looking to advance their careers, and 32% of recruiters agree . Interestingly, non-recruiters experts predict his GRC skills will be next in demand, while recruiters list communication (slightly lower than cloud computing security). level). Not surprisingly, AI/ML skills, which weren’t even in the top 10 list a year ago, are now in the top 5.
Authentication | Approximately 20% of respondents plan to pursue a cybersecurity professional development certificate within the next six months, and nearly half (49%) plan to do so within the next five years. To close the personal skills gap, skill development remains the biggest driver for certification. Next, it’s important to stay on top of security trends, and the last thing you need to do is “your organization asked you to do it.” And while organizations offer significant incentives for “leveling up,” the report finds that the strongest message of support a company can offer is the time it takes to get it all done, or “for certification.” It suggests that the study is provided in specific blocks of study time.
Cybersecurity Perspectives: Present and Future | Three-quarters of more than 14,000 global respondents indicated that the current threat environment is the worst in five years, but this varies by industry. Even in the least affected industries (construction and automotive), 65% and 64%, respectively, still agreed with this statement. Malicious insiders are the second-biggest immediate challenge for practitioners, with attackers three times more likely to recruit victims of termination to do their dirty work. Going forward, most security experts believe that risks from emerging technologies such as blockchain, quantum computing, AI, VR, and intelligent automation will be the biggest cybersecurity challenge we have to face.
Cloud security and AI/ML
Of course, it is important to reiterate the importance of cloud security and a/ML acumen as primarily in-demand skills. 92% reported a skills gap, with the top two most common being cloud computing security (35%) and AI/ML (32%), followed by zero trust implementation. As AI/ML proliferates, (ISC)2 noted that the workforce is “far less prepared than other cybersecurity capabilities to wield and effectively leverage its power.” This leaves the door wide open for such people. And with the irreversible trend towards hyper-distributed environments, there will always be jobs for those who understand cloud security.
The threat landscape is changing. Security technology is changing. And as this report shows, it’s time for us to change, too.
Editor’s note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect the opinions of Tripwire.