
What the InfoSec Skills Gap Means for the Future

One of the biggest challenges – if not the biggest challenge – facing information security is the lack of skilled talent. As yet another proof point in a long line of reports all saying the same thing, Cisco’s 2014 Annual Security Report says, “it’s estimated that by 2014, the [IT Security] industry will still be short more than a million security professionals across the globe.” Ask any hiring manager, and they’ll agree. And here’s the thing: we might be able to make a dent in the skills gap with education programs, but by and large, the information security skills shortage isn’t going to get solved any time soon.

This says to me…

  1. Breaches will continue at least at the current clip, resulting in increased industry and government regulations, which will lead to compliance job openings.
  2. Compensation for competent information security personnel will continue to rise and globalize, regardless of whether the person is experienced or not.
  3. Organizations in the best position to hire, train, and retain security talent will carry the day. Education isn’t going to come in the form of reading or certification, but on the job in a more “trial by fire” way.
  4. Organizations will continue to outsource their security needs to where security talent can be best centralized and scaled.
  5. People with limited background in security will be increasingly tasked with performing security jobs – or at least managing the processes.
  6. Super easy-to-use security products and services will be preferred over the more technically sophisticated and feature-rich ones.
  7. The information security skills shortage is actually going to get worse as the economy improves.

Everyone get busy automating!