(ISC)2 says the IT security workforce is at a crisis point

The CIO-level business angle on the latest tech

At the end of February, (ISC)² in partnership with Booz Allen Hamilton and Frost & Sullivan released its 2013 Global Information Security Workforce Study. The report confirms a few things we already knew about the IT security profession: It offers good stable jobs at very good pay, and there are lots of openings for qualified candidates. In fact, the number of open jobs is reaching a crisis point, according to Julie Peeler, director of the (ISC)² Foundation. Peeler says there will be a need for 300,000 more IT security workers in the next year and our industry isn't developing the people to fill those needs fast enough.

Founded in 1989, (ISC)² is a not-for-profit global organization dedicated to providing education, certification, and peer-networking opportunities for information security professionals throughout their careers. Even if you aren't familiar with the organization, you have heard about its certifications:

Network World - At the end of February, (ISC)² in partnership with Booz Allen Hamilton and Frost & Sullivan released its 2013 Global Information Security Workforce Study. The report confirms a few things we already knew about the IT security profession: It offers good stable jobs at very good pay, and there are lots of openings for qualified candidates. In fact, the number of open jobs is reaching a crisis point, according to Julie Peeler, director of the (ISC)² Foundation. Peeler says there will be a need for 300,000 more IT security workers in the next year and our industry isn't developing the people to fill those needs fast enough.

Founded in 1989, (ISC)² is a not-for-profit global organization dedicated to providing education, certification, and peer-networking opportunities for information security professionals throughout their careers. Even if you aren't familiar with the organization, you have heard about its certifications:

• CISSP - Certified Information Systems Professional
• CSSP - Systems Security Certified Practitioner
• CSSLP - Certified Secure Software Lifecycle Professional
• CAP - Certified Authorization Professional

[ BLACK HAT EUROPE: 10 intriguing security briefings ]

In particular, the CISSP is recognized around the world as the standard of achievement confirming an individual's knowledge in the field of information security.

The 2013 study is derived from the organization's sixth biannual survey that looks at the status of the global information security workforce. The Web-based survey was conducted in the last quarter of 2012 and the report includes input from more than 12,000 respondents from around the world.

The results show this workforce is under tremendous strain, primarily for the following three reasons:

• IT security experts are facing an ever-increasing number of threats and risks to their organizations' well-being.
• The experts are required to keep up with new technologies, each of which has a unique set of security challenges. Among the new technologies impacting business today are mobile computing (BYOD), cloud computing and social media in the enterprise.
• Because of the critical shortage of qualified security professionals and budgets that are still constrained by the economy, people are tasked to do too much with too few resources.

Despite the pressures of the job, there is good news about the IT security workforce. Survey respondents say they don't feel like they are siloed into the IT department; that is, they understand that what they do pervades their entire organization. They see the big picture of how IT security provides value and sustains the well-being of the organization. At the same time, what they are not getting is full support from the C-suite and the board of directors. These latter two groups don't necessarily have the clearest understanding of how IT security pervades their organization, according to Peeler.

When asked what kind of skills they need to excel in their jobs, the first set the experts cited is technical skills, of course. They really need to know their stuff. The other thing that makes them successful is a broad set of management skills. They are improving their communication skills, their leadership skills, their business management skills, and their knowledge of legal and regulatory issues and data breach and privacy laws.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.