New (ISC)2 study reveals acute information security skills shortage

PresentationThe newly released Global Information Security Workforce Study by (ISC)2 predicts that the global information security workforce shortage will reach 1.5 million within five years due to the fact that demand for personnel outpaces the supply.

(ISC)2 surveyed about 14,000 information security professionals over a four-month period. Among other themes, the study explores the state of the information security profession, giving us the following key findings:

Job satisfaction, retention and salaries

  • 46% of security professionals characterised themselves as “somewhat satisfied” and 30% as “very satisfied”.
  • In a single year – 2014 – nearly one in five security professionals changed employers or employment status, with 14% of respondents reporting that they “changed employers while still employed”. Employee churn is at its highest compared with the results from the previous 2011 and 2013 studies, and according to the report this is “the first sign of rising security professional scarcity.”
  • The average annual salary among the security professionals surveyed was US$97,778. This varies between (ISC)2 members and non-members, and between countries (developed vs developing). The average salary increased 2.1% for members and 0.9% for non-members.

Skills and job roles

  • 62% of respondents report that their organisations have too few security professionals.Healthcare (76%), education (76%) and retail (74%) are the industries that suffer most from skills shortage.
  • While 45% admit that the inability to support additional personnel at this time is the reason for not employing sufficient resources, another 45% state that it is difficult to find the qualified personnel they require.
  • Security analysts are in highest demand, with 46% of respondents saying that their organisation doesn’t have enough, followed by security auditors (32%) and security architects (32%).
  • Communications skills (90%) and broad understanding of the information security field (90%) are being rated as the most important skills for successful information security professionals. Other important skills are awareness and understanding of the latest security threats (89%), and technical knowledge (87%).

Career progress and development

  • 61% of respondents consider offering training programmes as a major initiative for the retention of information security professionals at their organisation. Paying for professional security certification expenses (59%) and improving compensation packages (57%) are the other top initiatives that encourage security professionals to stay with an employer.
  • The top three competences that respondents believe they need to acquire or strengthen to be in position to respond to the threat landscape over the next three years are: risk assessment and management (55%), incident investigation and response (52%), and governance, risk management and compliance (48%).

Overall, the Global Information Security Workforce Study highlights the need for organisations to invest in the professional development of their information security workforce. As they work in a dynamic and constantly changing environment, information security professionals are looking to develop relevant skills and are likely to be planning their career progression a few years ahead. Providing them with access to training programmes and supporting them in acquiring new qualifications are of benefit to both the individuals and their employers.

Training programmes

As an accredited training provider by industry bodies including (ISC)2, CompTIA, BCS and IBITGQ, IT Governance offers a comprehensive and relevant training programme.

Providing a structured learning path, it helps organisations train teams and helps individuals advance careers via industry-standard certifications and increased peer recognition.

Popular courses include CISSP,  CompTIA Security+, CASPCISACISM and ISO 27001 Lead Implementer.

Please note that 15% online discount applies to some of these courses if booked before 24 April 2015.

View all training courses here >>>