When considering what the skilled cyber-security staff shortages are likely to be in this country going forward, it's worth looking at there the US is today. US businesses employed 82,900 information security analysts in 2014, and this number is expected to grow to nearly 100,000 analysts by 2024 - a full 18 percent increase over a decade, a growth rate exceeding the average of all occupations. Although this growth rate far exceeds the average of all occupations, it will still not be large enough to satisfy the growing need for skilled analysts in both the federal and private sectors.
According to http://cyberseek.org, 22,635 vacant positions are currently posted online for cybersecurity-related analyst positions (alternative / common job titles include Information Security Analyst/ Security Analyst/ IT Security Analyst/ Cyber Security Analyst/Senior Security Analyst). This shortage is only expected to grow as more and more organisations will need analysts to operate their cyber-security systems, which, in turn, grow in scale and complexity every year. Even today, CISOs report that their recruitment efforts are hampered by lack of talent and a dearth of internal resources to identify and recruit the rare talent that is out there.
A recent Accenture study into the state of cyber-security across the public and private sectors in the US found that 42 percent of security professionals believe they have inadequate budgets or resources to hire or train the right security talent. Moreover, 31 percent see this lack of training or staffing budget as the single greatest inhibitor to cyber-security readiness.
Widening gap made worse by federal hiring spree
In the US the federal government is expected to greatly increase its use of information security analysts to protect that nation's critical information technology (IT) systems. Currently, 30 agencies are reviewing the resumes of almost 2,500 cyber-security and technology job applicants. However, their lengthy recruitment process (averaging 15 weeks) often results in strong candidates being lost to the private sector.
Many analysts also choose the private sector over the government for reasons related to salary (average US$92,600/year/£69,000), perks and the more relaxed work environment of the corporate world. As a result, several US federal agencies are now offering telecommuting, longer vacations, flexible hours, and very competitive health insurance plans.
Growing the national talent pool
Even if the government and the private sector divide the talent equally, the cyber-security talent pool is still too small. One way the US government is working to change this is by providing free cyber-security training for military veterans. Other potential talent pools include millennials and women, both of which are poorly represented in today's cyber-security job market. Only 11 percent of the world's information security workforce are women, according to the Women's Society of Cyberjutsu (WSC)). As for millennials, only seven percent of cyber-security workers surveyed were under age 29, with 13 percent aged 30 to 34. The average age of cyber-professionals is 42.
Tapping into this huge talent pool will not be easy, but steps are being taken to make the cyber-security field more appealing to these populations, including teaching girl scouts about cyber-security.
Finding analysts is one thing; finding skilled analysts and equipping them with the right tools is another
According to research by CISCO, “Solving the growing cyber-security problem requires more than skilled security professionals. It requires a combination of people, advanced analytics for proactive threat hunting, comprehensive intelligence for real-time threat awareness, and integrated security architectures.”
Indeed, many security pros say that even the greatest analyst will yield mediocre results if forced to operate with poor tools. It is only by combining skilled manpower with powerful, cutting edge technology that organisations stand a chance of achieving sufficient security.
Contributed by By Gilad Peleg, CEO, SecBI
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.