The emerging threat in the developing cybersecurity skills gap is an issue (ISC)2 has highlighted throughout 2011, and 2012 will be the year when industry really begins to feel it, particularly in London with the Olympic Games coming to town, writes John Colley, CISSP, managing director EMEA, (ISC)2.
Our research shows the average age of people in security is 40, with less than 10% under the age of 29. Looking back to 2008, 17% were under the age of 29. Further, we are expecting the workforce to nearly double by 2015. Where are the people going to come from?
Beyond the numbers, the demands on professionals are changing significantly. Chief information security officers today are at risk of losing insight into the systems that are driving business, with cloud computing, social networking, and numerous personal devices infiltrating the workplace, along with the easy-to-download applications these technology trends bring with them.
We have always managed technical change, but the current pace is unprecedented. These developments will ruthlessly expose the weaknesses in an organisation, while a skills disparity is sure to arise in a workforce experienced at securing corporate-driven systems. Here too, the ageing of our workforce is cause for concern, with a generation gap contributing to the challenge.
Addressing the security skills gap
This skills gap is clearly an issue that cannot be resolved in its entirety in 2012, but there are some concrete steps that should be taken.
As a professional organisation, the (ISC)2 is working hard with partners such as Cyber Security Challenge UK to develop more interest and support to encourage young people to consider a career in this field.
More generally, organisations need to review their competencies in recruitment and the measurement of success – both continue to focus too heavily on the highly measureable technical elements of the job rather than the softer skills that are increasingly considered key.
The London 2012 Olympic Games will be an interesting test of the market. This coincides with government recognition for the need for cyber defences and the Olympics, which earlier this month saw its security budget double, should be a showcase of its commitment.
New systems for the games will clearly call on security know-how; while increased requirements on existing infrastructures, such as border control, will also have an effect. You could compare it to the Y2K issue when companies faced a shortage of competent developers with the correct skills.