CYBER SECURITY TALENT SHORTAGE & INDUSTRY DYNAMICS


CYBER SECURITY TALENT SHORTAGE & INDUSTRY DYNAMICS
WHITE PAPER
January 2017

THE PROBLEM

PERSONNEL SHORTAGE

The demand for skilled cyber security talent is outstripping supply. In 2014, there were 238,158 unfilled cyber security jobs in the United States. Cyber security job postings have grown 91% from 2010 to 2014, a growth rate that is 3.3x more than all other IT jobs. Cyber security jobs also take 24% longer to fill than all IT jobs and 36% longer than all jobs.

[Figure: Growth in Job Postings (2010-2014). Cyber Security: 91%; All IT: 28%.]
[Figure: Job Posting Duration (2013). Cyber Security: 45 days; All IT: 36 days; All Jobs: 33 days.]
Source: Burning Glass Job Market Intelligence: Cyber Security Jobs, 2015. Source: Burning Glass Job Market Intelligence: Report on Growth of Cyber Security Jobs, 2014.

As we can see, the supply of skilled security professionals is limited and only expected to worsen over the next five years. The demand for cyber security professionals is expected to reach 6 million (globally) by 2019 with a projected shortfall of 1.5 million. This imbalance will drive higher demand for Cloud security, Managed Security Service Provider ("MSSP") services, Security Information and Event Management ("SIEM") solutions, and integrated security adoption as organizations look for ways to manage their network security infrastructure more efficiently, by offloading these responsibilities to third-party MSSPs and/or finding ways to manage security tools more efficiently. Evolve is focused on training and staffing individuals within these service lines to meet the imminent demand.

[Figure: Demand-Meeting Projections for Security Professionals (U.S. or Global)]
Year: Total / Supply-Constrained Projections / Skilled Labor Shortfall
2014: 3,568 / 3,400 / 168
2015: 3,972 / 3,593 / 379
2016: 4,416 / 3,796 / 620
2017: 4,908 / 4,007 / 901
2018: 5,424 / 4,227 / 1,197
2019: 5,963 / 4,456 / 1,507
Source: Bank of America Merrill Lynch Cyber Security Primer (January 8, 2016). Information Security workforce study 2015.

UNSUSTAINABLE INCREASE IN SALARIES

In 2014, employers posted 49,493 jobs requesting a CISSP certification, when there are only 65,362 CISSP holders nationwide, of which practically all are already employed. This example illustrates that employers have been forced to poach talent from other companies in order to satisfy their labor needs. In order to lure talent away from other organizations, exorbitant salaries must be offered. The average salary for information security analysts is $92k, which is 9% greater than all IT jobs.

[Figure: Average U.S. Salaries in Information Technology (2014), grouped as "Select IT Occupations" and "Feeders into Cyber Security"]
Help Desk Support: $54,961
Web Developers: $68,670
Network Administrator: $79,770
Computer Programmers: $82,690
Information Security Analyst: $91,600
All IT: $83,839
Source: U.S. Bureau of Labor Statistics (May 2014) for Computer Occupations (15-11000).

INCREASED THREATS TO SMALL AND MEDIUM BUSINESSES

Sixty-two percent (62%) of known security breaches were targeted at small to medium sized companies and 60% of those affected will go out of business within 6 months, according to the 2013 Verizon Cyber Crime Survey. The largest misconception of Small and Medium Businesses ("SMBs") is that they are unaware of the risks. Cyber Streetwise reported that 66% of SMBs simply didn't believe they were at risk from a cyber-attack. The National Cyber Security Alliance has found shocking statistics showing the careless attitude towards security, with 45% of smaller companies providing no internet safety training to employees even though 69% handle sensitive information. IPSOS research found that 69% of the 6.5 million small companies in the U.S. are unaware of the risk and cost of data loss through cyber-attacks. The average cost of a security breach on an SMB is around $47,000, according to Kaspersky, an anti-virus software manufacturer, and Statistica shows that cybercrime cost SMBs over $781 million in the U.S. in 2013.

INDUSTRY DYNAMICS

GROWTH IN INFORMATION SECURITY

Enterprise security spending growth is expected to outpace total IT spending by more than 2x as the threat landscape continues to evolve and expand. An annual study performed by Verizon shows that since 2013, the number of Security Incidents and Data Breaches has increased 70% and 242%, respectively.

[Figure: Security Incidents (2013-2015). 2013: 47,000; 2014: 63,437; 2015: 79,790.]
[Figure: Data Breaches (2013-2015). 2013: 621; 2014: 1,367; 2015: 2,122.]
Source: Verizon Data Breach Investigation Reports.
Note: A Security Incident is defined as any event that compromises the confidentiality, integrity, or availability of an information asset. A Data Breach is defined as an incident that resulted in confirmed disclosure (not just exposure) to an unauthorized party.

According to a study conducted by FireEye, a forensics and malware protection security company, 90% of companies have been breached, and the average breach goes undetected for 205 days. Once attackers pierce the perimeter, they have free rein to compromise sensitive data, especially since internal networking equipment (i.e. switches and routers) is generally not secure.

Global spending on enterprise information security in 2015 was estimated at $79 billion and is expected to reach $110 billion by 2019. The recent surge in spending in 2014 and 2015 has been mostly reactionary due to the higher frequency of notorious sophisticated attacks. Organizations will prioritize security budgets on solutions that are focused on offering tools and services that help to improve manageability, such as SIEM and MSSP. Longer term spending will then be focused on solutions that provide detection and prevention using advanced threat intelligence. Each of these focus areas will require sophisticated cyber security professionals to manage the security programs, solutions, and technologies, which is where Evolve is focused.

[Figure: Enterprise Information Security Spending ($ in billions). 2013: $62; 2014: $68; 2015E: $79; 2016E: $86; 2017E: $93; 2018E: $101; 2019E: $110.]
Source: Gartner, Bank of America Merrill Lynch Cyber Security Primer (January 8, 2016). Information Security workforce study 2015.

CURRENT TRAINING MODEL IS BROKEN

The most severe challenge to the information security profession relates to the education versus experience conundrum. Many companies hiring in the cyber security industry today have a personal preference to hire based on experience and are not concerned with what degree or certification one has. James Arlen, a Senior Consultant at Leviathan Security Group, adamantly believes that the industry needs to stop equating education with experience. Arlen stated that "it is too hard for the average organization to hire actual qualified people - degrees, certifications and fudged resumes do not magically create qualified people." It is experience with attacks and perhaps even unsavory hacking hobbies that can make the difference between filling a job with a talented defender, or with a salesman who has a pedigree but no grasp of the devil-in-the-details meat of cybersecurity.

TRADITIONAL EDUCATION (COLLEGES AND UNIVERSITIES)

Traditional schools are not equipping their graduates with the tools necessary to secure these high paying cyber security jobs. Traditional education (colleges/universities) curriculum focuses on theory and design versus providing real-life hands-on project experience. College courses are also very expensive and take a long time to complete. One year in an information security or computer science program at a college costs 2x-3x more than an immersive bootcamp program and takes 2x longer to complete. Many individuals are willing and capable of entering the industry but do not have the luxury to go back to college for a 4-year bachelor's program or even a 2-year master's program. Evolve provides an intense, fully immersive alternative for acquiring the necessary skills to enter the cyber security industry in a timely fashion.

[Figure: Cost Comparison. Evolve: $10,000; UIC*: $17,216; Devry*: $18,990; DePaul*: $37,820.]
[Figure: Time Comparison. Evolve: 17 weeks; College (1-year): 36 weeks.]
* Equivalent to one-year tuition in IT related program (15 credit hours per semester).
Note: Evolve's 17 weeks includes 4 weeks of remote and 13 weeks of in-person.

CERTIFICATIONS

Currently, the most popular form of training in the cyber security industry involves obtaining various kinds of certifications (i.e. CISSP, CISA, CEH, CISM, etc.). Historically, certifications have been the industry standard to determine qualifications in the industry, but this perspective has shifted in recent years as employers have realized that certifications alone do not guarantee quality talent. The chart below shows that employers are not valuing the possession of certifications as much as they may have in the past. Individuals without a certification are at times earning more in the form of bonuses than their certified counterparts, showing that employers place more value on work performance than they do on certifications.

[Figure: 10yr Change in Premium Pay for Certified vs. Non-Certified Individuals. Y-axis: Premium Pay as % of Base Pay. Series: Certified (357 IT Certifications); Non-Certified (392 noncertified IT skills).]
Source: Foote Partners, LLC February 26, 2015 News Release.

The leading criticism of certifications involves the lack of experience that comes with obtaining a certification. Training for certifications is focused on teaching to the test and on specific areas or technologies, and fails to provide the applicable project experience needed to deliver a well-rounded cyber security educational experience. Amongst employers, the Certified Information Systems Security Professional ("CISSP") certification holders are the highest in demand, mostly because the CISSP also requires five years of industry experience. Even though employers are requesting 49,493 CISSP certification holders, there are only 65,362 CISSP holders in the country, of which most are already employed.

[Figure: Certification Job Postings vs. Holders (2014). Series: Postings; Holders. Certifications shown: CISSP (49,493 postings; 65,362 holders), CISA, CISM, GIAC GSEC, SSCP, CIPP, GIAC GCIH, GIAC GCIA.]
Source: Burning Glass Job Market Intelligence: Cyber Security Jobs, 2015.

Various forms of training for security certifications are also very expensive. The SANS Institute ("SANS") is the leader in security certifications training and offers courses lasting 2-6 days that cost ~$850 per day. For example, SANS provides training for the CISSP exam that lasts for 6 days and costs $5,000 (not including travel, lodging, or cost of exam). This cost of training is 3.4x more expensive than Evolve and provides no hands-on experience, real-world project experience, or job placement services. SANS has been able to charge premium rates because they have been the only cyber security training company in the industry to date.

[Figure: Cost Comparison. Evolve: $10,000; SANS Institute*: $34,000.]
* Equivalent of $850 a day for 8 weeks of training.

BOOTCAMPS ARE THE SOLUTION

For the past 5-10 years, the technology industry has experienced an alarming labor shortage of programmers and developers. According to a U.S. jobs report from the Bureau of Labor Statistics, the U.S. was adding an estimated 136,620 jobs per year from 2010 to 2012, and graduating about 40,000 computer science degrees each year, creating a gap of roughly 100,000 jobs a year. Currently there are 607,708 open computing jobs nationwide, and still only 42,969 computer science students graduating each year. This gap is expected to continue to widen as our nation unrealistically attempts to solve the problem by attempting to fill the traditional pipeline by urging people to pursue computer science degrees.

Various types of coding bootcamps emerged several years ago and have shown success in helping fill the open computer jobs and close the labor shortfall gap. In 2015, there were 16,056 graduates from 67 of the larger bootcamps in the country. 89% of these graduates were placed into a job within 120 days and experienced an average 38%, or $18,000, increase in their salaries.

[Figure: Graduates of Coding Bootcamps vs. Computer Science Graduates. Est. computer science graduates per year: ~45,000. Bootcamp graduates: 2013: 2,098; 2014: 5,987; 2015: 16,056.]
Source: Course Report 2015 Coding Bootcamp Market Size Study.

As seen from the success of the current coding bootcamps, obtaining practical and hands-on training has been proven effective in the marketplace. Employers are becoming much more focused on hiring individuals that have applicable experience and demonstrate competency in their craft, rather than just relying on degrees and certifications as a proof of ability.