(ISC)² Workforce Study: As Threats Evolve, Security Professionals are Concerned About Technology Sprawl

Outsourced security services are on the rise; also used as a method to combat security technology sprawl and to make up for the lack of in-house staff

(ISC)²® (“ISC-squared”), the largest not-for-profit membership body of certified information and software security professionals worldwide, with over 100,000 members, today released the results of its seventh Global Information Security Workforce Study (GISWS) in partnership with Booz Allen Hamilton, Cyber 360 Solutions and NRI Secure Technologies, conducted by Frost & Sullivan. The study of nearly 14,000 information security professionals worldwide reveals two-thirds of respondents indicate that they are concerned about the addition of multiple security technologies, often referred to as sprawl. Outsourcing, while also increasing, is one method being used to combat sprawl.

“This year’s workforce study validates the increasing reliance of the information security program on IT departments and other business units. Information security is an organization-wide responsibility that requires a holistic commitment, execution and sustainment strategy,” says David Shearer, CISSP, PMP, executive director, (ISC)². “Cloud adoption rates and projected increases in spending on security tools and technologies are further increasing the need for IT and security departments to function collaboratively. Year after year, the study has shown a workforce shortage; but now, we’re finding that the shortage is being compounded with issues that are becoming more prevalent, such as configuration mistakes and oversights that can be detrimental to the security posture of global businesses.”

Likely the largest study of the information security profession ever conducted, the 2015 GISWS was conducted October-December 2014 through a Web-based survey. Since its first release in 2004, the study gauges the opinions of information security professionals and provides detailed insight into important trends and opportunities within the information security profession. It aims to provide a clear understanding of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression and corporate attitude toward information security that is of use to companies, hiring managers and information security professionals.

Key findings from the study include:

  •     For the most part, application security scanning is only conducted post production.
  •     Phishing is the top threat technique employed by hackers.
  •     The estimated time to remediate an attack following a system or data compromise is getting longer.
  •     Training and education are needed most in cloud computing, BYOD and incident response.
  •     When it comes to retaining information security professionals, support for training and professional security certifications is essential.
  •     Lack of in-house skills is the top reason for outsourcing.

Consistent security trends from this and the previous studies include:

  •     The information security workforce shortage trend is widening due to an inability for business conditions to support additional personnel and a lack of qualified professionals.
  •     Communication skills are identified as the most important attribute to career success.
  •     Application vulnerabilities and malware were identified as top security threats for the third study in a row.
  •     Information security professionals continue to be satisfied with their jobs and salaries continue to increase.

“We’re seeing greater adoption of advanced analytics and tools that can help security professionals convert intelligence into improving their cyber operations, but today’s workforce is already stretched thin, with many reporting remediation and reacting to alerts as their primary focus,” said Angela Messer, the executive vice president leading Booz Allen’s predictive intelligence business in the firm’s Strategic Innovation Group. “And although the Internet of Things brings great opportunity and connectivity, it will also bring new threats. As organizations shift their focus from defending within firewalls to defending entire cyber ecosystems, cybersecurity professionals will face unprecedented demands. To address this, senior leaders need to invest in a cyber talent management strategy that spans recruiting to career development and succession planning. Across the information security community, it’s time for non-traditional strategies and partnerships to make this field more attractive, especially to the digital generation.”

There will be a speaking session on “Status of the Industry: 2015 Global Information Security Workforce Study” taking place at RSA Conference 2015 on Monday, April 20 from 9:00 a.m.-9:50 a.m. PDT in Room 3022 of Moscone Center West. More information on this session can be found here: http://www.rsaconference.com/events/us15/agenda/sessions/1803/status-of-the-industry-2015-global-information.

The full 2015 GISWS can be downloaded here: https://www.isc2cares.org/IndustryResearch/GISWS/.


About (ISC)² and the (ISC)² Foundation


About Booz Allen Hamilton
Booz Allen Hamilton is a leading provider of management consulting, technology, and engineering services to the US government in defense, intelligence, and civil markets, and to major corporations and not-for-profit organizations. Booz Allen is headquartered in McLean, Virginia, employs more than 22,000 people, and had revenue of $5.48 billion for the 12 months ended March 31, 2014. In 2014, Booz Allen celebrated its 100th anniversary year. To learn more, visit http://www.boozallen.com.

For more on Booz Allen’s presence at RSA, visit: http://www.boozallen.com/lp/rsa-usa-2015.

About Frost & Sullivan
Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today’s market participants. For more than 50 years, we have been developing growth strategies for the Global 1000, emerging businesses, the public sector and the investment community. Is your organization prepared for the next profound wave of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends, breakthrough best practices, changing customer dynamics and emerging economies?

# # #

© 2015, (ISC)² Inc. (ISC)², CISSP, CSSLP, ISSAP, ISSMP, ISSEP, CAP, CCFP, SSCP and CBK are registered marks, and HCISPP is a service mark, of (ISC)², Inc.

Contact Author

Amanda Dalessandro
+1 (727) 742-1853