Richard Nealon, information security assurance manager and co-chairman of the (ISC)2 EMEA Advisory Board, explains why the organisation's Workforce Study is so important.
Back in 2004, when the (ISC)2 Global Information Security Workforce Study was first commissioned, only 21 per cent of EMEA-based IT security staff reported directly to a dedicated security department. Further, 26 per cent cited the CSO – a position that had not existed ten years before – as having ultimate responsibility for IT security. It was a revelation to see the firm establishment of the dedicated security department and senior management in our field first documented.
The following year, a third said information security's influence within business units and executive management had significantly increased. But there were challenges to report, too. More than a quarter said they spent most of the workday dealing with internal politics, gathering metrics to justify spend or ‘selling’ security to upper management.
This ongoing (ISC)2 study is the only one of its kind dedicated to the issues affecting the people in security, rather than the development of the security market generally. Through the years, we have seen security getting the management face time that we had long craved, people and training become the largest line item in security budgets, and the emergence of the term ‘information security’, reflecting focus on data risk and user awareness.
The most recent study, in 2011, showed us that the effects of the growing skills gap were starting to take hold, with stress rising and business systems changing rapidly.
(ISC)2 has again opened this research project and is encouraging all working in the profession to take part. Its scope covers pay scales, skills and training requirements, corporate hiring practices, security budgets, career progression and corporate attitude to information security. By participating, information security professionals – regardless of their level and experience – are providing data pertaining to their challenges, concerns and business drivers, information that is vital to the development of the field.
Many of us working in the profession sometimes feel disenfranchised, that our opinions don't always count and are often not acted upon. This is a chance to be heard.
The study is scheduled to be published in March 2013. To participate, (ISC)2 members are given a unique link from firstname.lastname@example.org. Everyone else can access the study at www.isc2.org/workforcestudy.
Security courses have their origins in network security programmes, so the majority of universities' curricula focus on digital forensics, computer security, IT security and the like. The University of Warwick's one-year masters in cyber security and management course is one of a handful that covers technical and management aspects.
Harjinder Lallie, senior teaching fellow, WMG, says: “Our course imparts knowledge on the strategic deployment and implementation of security so that students develop a well-rounded understanding of the issue, especially if they are looking for a long-term career in infosecurity.” WMG is an academic department of the University of Warwick and one of the largest MSc departments in the country, with close to 700 students.
The university has an agreement with (ISC)2, the global body of infosecurity professionals, for a specially devised three-day, instructor-led CISSP compact course. Students who choose to write the CISSP exam can graduate with an academic degree and associate of (ISC)2 status, which gives them access to the organisation's 4,000-strong professional community.