(ISC)² has announced its Global Information Security Workforce Study. This report gives a detailed insight into key trends and opportunities in the information security profession. It includes details of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression and corporate attitudes toward information security that are of use to companies, hiring managers and information security professionals.
Martin Lee, cyber crime manager at Alert Logic, says: "Providing adequate protection against today’s network security threats is tough and requires highly skilled individuals. The demand for security personnel is increasing, yet the supply of such people is not keeping pace and we are experiencing a skills drought. The nature of the drought is so severe that most organisations must face up to the reality that they will not be able to fully staff their security offices and will not be able to provide the full spectrum of security services in-house.
As with any severe drought, we have to admit that it will not rain soon, and we will not be flooded with skilled security staff in the foreseeable future. We must take stock of the facts and adapt our behavior according to the situation. The Managed Services Model where skilled staff are aggregated together and shared across many different companies is the best use of a scarce resource. Companies can assure their security and maintain protection levels by effectively sharing security staff. Not only does this model make the best use of a rare resource, but by aggregating together attack data as well as skilled staff, wider attack patterns that are only identifiable in aggregated data can be discerned, and a better level of protection can be provided."
Mike Spykerman, Vice President of Product Management at OPSWAT, observes: "It is worrying that the importance of phishing awareness training in the workplace is declining. Not only is phishing the most common entry point for hackers; a large element of the success of phishing depends on human error and lack of alertness. With clear cyber security policies in place along with regular training, the chance that phishing attempts are successful can be greatly diminished. To help companies set up their employee cyber security policies and awareness training, OPSWAT has put together a list of the Ten Things to Include in Your Employee Cyber Security Policy."