The safety industry is currently at a crucial juncture. The International Information System Security Certification Consortium, also known as ISC2, recently released a report titled “Capturing the State of the Situation.”
“A significant development!”
As per the Executive Summary, “Our research indicates that a substantial convergence of economic instability, rapidly advancing technology, fragmented regulations, and widening workforce and expertise gaps is generating significant uncertainty for a profession tasked with safeguarding global networks and devices from threats.” Their recommendation? Leaders in both public and private sectors should extend their support and investment in the security workforce.
To substantiate this claim, they surveyed 14,865 security professionals from various regions including Africa, Asia, the Middle East, North America, Europe, and Latin America.
Key statistics highlighted in the report include:
- 67% of participants expressed a shortage of staff to adequately address security issues.
- Only 52% believe their organizations possess the requisite tools to ensure security over the next two to three years.
- 58% of employers are planning to enhance workforce competency to mitigate the impact of staff shortages.
- Approximately 22% of cybersecurity experts have firsthand experience with or knowledge of layoffs.
- Nearly 40% of individuals have encountered attempts by malicious actors seeking to exploit their insider knowledge.
Notably, the primary contributors to this “perfect storm” are identified as a lack of personnel and deficient skills. It is noteworthy that 67% of respondents agreed that the more critical issue among the two was the absence of essential skills. This insight could prove valuable to individuals entering the field.
Report Insights
Here is a brief overview of the key topics covered, though this only scratches the surface:
Workforce Discrepancy | Despite a growing global security workforce, the demand continues to outstrip the supply. Interestingly, 31% of cybersecurity professionals anticipate further cutbacks, with the workforce gap expanding by 12.6% this year. The Middle East stands out as the only region unaffected by the shortage of cybersecurity professionals.
Current State of Security Workforce | The study, focusing on the repercussions of budget cuts, reveals that nearly half of respondents have been affected by cybersecurity-related cutbacks such as layoffs, reduced spending, and hiring freezes. The entertainment sector witnessed the most layoffs, likely due to events like the Writers and Actors Strikes in Hollywood, while defense personnel experienced the least impact.
Culture and Diversity, Equity, and Inclusion (DEI) | ISC2’s findings indicate that despite significant industry challenges, most cybersecurity professionals are satisfied with their roles a year after the introduction of Employee Experience (EX) ratings. While downsizing has dented confidence, a majority express a strong passion for security work. The report also highlights an increase in non-white and female professionals with age, with 69% of DEI respondents emphasizing the importance of an inclusive environment for team success. The under-30 age group exhibits the highest diversity in the industry.
Emerging Career Paths | Addressing the knowledge gap is crucial for its closure. 80% of respondents agree that there are now more entry points into the cybersecurity sector. Furthermore, nearly 60% of applicants without prior cybersecurity experience have observed an increase in opportunities, with new hires (within the first year) being 14% more likely to hold a bachelor’s degree. The primary motivation for the “happiest” employees entering cybersecurity is the dynamic nature of the industry. Conversely, the least content employees transition due to organizational restructuring that thrusts them into cybersecurity roles.
In-Demand Skills | Hiring managers identify cloud computing security as the most sought-after skill for career advancement in the security domain, with communication skills ranking closely behind. Non-hiring professionals predict Governance, Risk, and Compliance (GRC) expertise to be in high demand. Interestingly, AI/ML capabilities have entered the top five, reflecting their growing importance compared to a year ago.
Certifications | Over the next six months, approximately 20% of respondents plan to pursue cybersecurity professional development certificates, with nearly 50% aiming to do so within the next five years. Skill development remains the primary motivation for certifications as individuals seek to bridge their skill gaps. The report emphasizes the significance of staying abreast of security trends, with organizational support in the form of dedicated research time being crucial for certification attainment.
According to over 14,000 global respondents, the current threat landscape is deemed the most challenging in five decades, with variations across different markets. Sectors like construction and automotive, traditionally less impacted, still report significant concerns at 65% and 64%, respectively. The imminent challenge identified by most security professionals is the risk posed by cutting-edge technologies such as bitcoin, quantum computing, AI, VR, and intelligent automation.
AI/ML and Cloud Security
The report underscores the critical importance of cloud security and proficiency in artificial intelligence (AI) as the most sought-after skills, which is not surprising given the evolving threat landscape. The top two skill gaps identified are zero trust implementation and cloud computing security (38%), closely followed by AI/ML (32%). ISC2 notes that individuals are less inclined to possess and effectively utilize AI/ML skills compared to other cybersecurity competencies, creating opportunities for those proficient in this area. Moreover, expertise in cloud security will remain in demand due to the irreversible shift towards hyper-distributed environments.
As threats evolve and security technology advances, adaptation becomes imperative, as highlighted in this comprehensive report.
