In order to take advantage of the growing need for security professionals, you have to have the right skills. That’s stating the obvious. The problem is getting those skills is increasingly challenging as organizations pursue new technologies like cloud computing, mobile devices, social media and new applications.
All that comes from Frost and Sullivan’s 2011 (ISC)2 Global Information Security Workforce Study. And the tech security community confirms it, admitting that further training is needed in such relatively new segments. They’re already being deployed without security in mind, the report notes, which is more than a little scary. Frost and Sullivan describes this situation this way:
Information security professionals are stretched thin, and like a series of small leaks in a dam, the current overstretched workforce may show signs of strain.
Seventy percent of the 10,413 security professionals surveyed admitted they need more skills to adequately secure cloud technology. The primary skill they lack was a detailed understanding of cloud computing (92 percent). That’s followed by enhanced technical knowledge (82 percent) and contract negotiation skills (49 percent).
The second highest area of concern was mobile technology, even though 70 percent of respondents have policies for mobile devices in place. Frost and Sullivan believes mobile security could be the single most dangerous threat to organizations for the foreseeable future. For now, software applications are the main threat, and security professionals are increasingly asked to be part of the development cycle.
The area most in need of additional training is information risk management, the survey found, identified by 47 percent of respondents as important. This was followed by applications and system development, forensics, end-users security awareness, security architecture, access control systems and methodology, security management practices and business continuity. Also, nearly 90 percent of respondents involved in hiring said certification was very or somewhat important.
The top industries employing IT professionals last year were professional services, IT, government (excluding armed forces and defense), military, and banking and telecommunications. The average salary of IT professionals in the Americas who didn’t belong to ISC2 was $92,900 while members made $106,900.
— Chandler Harris