IT Security Industry Stagnating Due To Hiring Rules: Report
A report published by the Chartered Institute of Information Security says that the industry is at threat of being ‘overwhelmed’ by cyberthreats if the current state of hiring requirements isn’t relaxed.
It was one of the first public statements from the CIISec institute after being awarded the Royal Charter, and the institute wasted no time in warning of the threats in the cyber landscape if it continues to struggle against the escalating skills crisis in the IT industry.
In a release - which you can access here - warns that “the shortage of cybersecurity professionals around the globe has never been more acute. New research by (ISC)2 places the estimate at just under 3 million - 2.93 million to be exact - with roughly 500,000 of these positions located in North America.”
“According to (ISC)2’s Cybersecurity Workforce Study, the gap is having a serious real-world impact around the globe… the massive worldwide shortage not only places organisations affected by the shortage at higher risk of cyber attack, but also affects job satisfaction of current cybersecurity staff.”
CIISec’s own research indicates that the overwhelming majority of information security professionals are male - 89% of respondents - and 89% of those were over 35 years-old. Phil Muncaster of InfoSecurity-Magazine says that “much of the problem is that employers continue to prioritise technical experience and skills when hiring, despite the fact that two-thirds (65%) of respondents to the survey claimed that learning on the job is preferable.”
“That means the industry is missing out on a potential trobe of able candidates who have gained commensurate skills in other fields,” Muncaster concludes.
CIISec’s CEO, Amanda Finch says that “the expectation that security is purely a technical subject has led to a focus only on very specific individuals to fulfill roles.”
“Even if we weren’t in the middle of a skills crisis,” Finch continues to explain, “increased diversity should be a priority, but the present situation makes it critical. Expanding the industry’s horizons isn’t only essential to make sure the industry has the skills it needs. It will give a whole range of individuals the opportunity to thrive in a new career, and in the long term protect the industry from stagnation by introducing more varied backgrounds.”
InfoSecurity Mag’s reporting thats that in order to attract a more diverse batch of candidates, the industry needs to first increase awareness of the opportunities this shortage has created. Finch says that “key to all this will be both organisations and individuals having a framework that can show exactly what skills are necessary to fulfill what roles.”
“This will not only help hire the right people, it will also mean that the routes to progress through an individual's career are clearly marked, ensuring that individual who enthusiastically joins the industry doesn’t over time become jaded or burn-out due to a lack of opportunity.”