Hearing Voices: The Cybersecurity Pro's View of the Profession


Transcription:

SESSION ID: AST2-W02
Hearing Voices: The Cybersecurity Pro's View of the Profession
Jon Oltsik, Senior Principal Analyst and ESG Fellow, Enterprise Strategy Group, @joltsik
Candy Alexander, CISSP CISM, International President, Information Systems Security Association (ISSA), @nh_candy

Project Overview
Third annual project
267 completed online surveys from ISSA member list +
Small, mid-market, and enterprise organizations: 34% small, 6% mid-market, 60% enterprise
90% North America, 10% ROW
Multiple industries including information technology, financial, government, business services

Cybersecurity Challenges
29%: The cybersecurity staff is understaffed for the size of my organization
23%: Business managers don't understand and/or support an appropriate level of cybersecurity
23%: My organization depends upon too many manual and/or informal processes for cybersecurity
23%: My organization depends upon too many disconnected point tools for cybersecurity

Cybersecurity Skills Shortage
74% of organizations have been impacted by the cybersecurity skills shortage
Increasing workload on existing staff: 66%
Inability to fully learn or utilize some of our security technologies to their full potential: 47%
My organization has had to hire and train junior employees rather than hire people with the appropriate level of cybersecurity skills needed: 41%
Cybersecurity staff has limited time to work with business units to align cybersecurity with business processes: 40%

Balance of Power 2% 4% In general, cyber-adversaries have a big advantage over cyber-defenders 34% In general, cyber-adversaries have a marginal advantage over cyber-defenders 60% In general, cyber-adversaries have no advantage over cyber-defenders In general, cyber-defenders have a marginal advantage over cyber-adversaries

New Responsibility: Data Privacy 8% 7% 21% of cybersecurity professionals do not believe they have been given clear direction on data privacy 40% Yes, significantly Yes, somewhat No, but we will be asked to do so in the near future No 45% 23% of cybersecurity professionals do not believe they have been given right level of training on data privacy

Widespread Vulnerabilities 4% 1% 4% Extremely vulnerable 39% Somewhat vulnerable Not very vulnerable Not at all vulnerable 52% Don't know/no opinion

Cybersecurity Professional's Opinions
93% agree: Cybersecurity professionals must keep up with their skills or the organizations they work for are at a significant disadvantage against today's cyber-adversaries
66% agree: A cybersecurity career can be taxing on the balance between one's professional and personal life
66% agree: While I try to keep up on cybersecurity skills, it is hard to do so given the demands of my job
57% agree: Security certifications are far more useful for getting a job than they are for doing a job

Training Levels
23% Yes
37% No, my organization should provide a bit more training so the cybersecurity team can keep up with business and IT risk
40% No, my organization should provide significantly more training so the cybersecurity team can keep up with business and IT risk

Job Satisfaction
40%: Organization provides support and financial incentives enabling cybersecurity staff to advance their careers
38%: Competitive or industry leading financial compensation
34%: Business management's commitment to strong cybersecurity
34%: The ability to work with a highly-skilled and talented cybersecurity staff
30%: Organization provides opportunities for career advancements and promotions

Stressful Aspects of a Cybersecurity Career
40%: Keeping up with the security needs of new IT initiatives
39%: Finding out about IT initiatives/projects that were started by other teams within my organization with no security oversight
38%: Trying to get end-users to understand cybersecurity risks and change their behavior accordingly
37%: Trying to get the business to better understand cyber-risks
36%: The overwhelming workload

Career Success Factors
As a former IT professional, which of the following were most helpful when you moved on to a career as a cybersecurity professional? (Percent of respondents, N=211, three responses accepted)
Gaining experience with different types of technologies and/or applications: 53%
Networking and/or other infrastructure knowledge and skills: 49%
IT operations knowledge and skills: 49%
Collaboration between IT and business units on business initiatives, processes, and strategic planning: 35%

Career Advancement 4% 7% 5% A mentor or a career coach to help me define a uniquely 20% personal path A standardized career map with progressive training, education, certifications outlined according to job titles or responsibilities Technical training curriculum map 16% Combination of the above Other 43% 5% None of the above Don't know

KSAs
Attending specific cybersecurity training courses: 71%
Participating in professional organizations and events: 68%
Attending industry tradeshows: 51%
On-the-job mentoring from a cybersecurity professional who is more experienced than I am: 42%
Working closely with highly-experienced business professionals: 40%

Certification Value CISSP CISM CompTIA Security+ CISA CEH Other

Skills Shortage and Opportunities
33%: Cloud computing security
32%: Application security
30%: Security analysis and investigations
21%: Risk and/or compliance administration

Future Actions
42%: Add cybersecurity goals as metrics to IT and business managers
42%: Provide more cybersecurity training to the cybersecurity team
41%: Increase cybersecurity budgets
40%: Provide more cybersecurity training to non-technical employees
39%: Hire more cybersecurity professionals
