THE LIFE AND TIMES OF CYBERSECURITY PROFESSIONALS

Similar documents
Hearing Voices: The Cybersecurity Pro s View of the Profession

The Life and Times of Cybersecurity Professionals

Hidden Figures: Women in Cybersecurity

An Annual Research Report (Part I)

The State of Cyber Security Professional Careers:

itsm003 v.3.0 NISTCSF.COM NICE Training Curriculum & Workforce Planning Program

ITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018

itsm003 v.3.0 DxCERTS IT & NIST Cybersecurity Digital Transformation (Dx) Enterprise Training Curriculum

2017 PORT SECURITY SEMINAR & EXPO. ISACA/CISM Information Security Management Training for Security Directors/Managers

UTCS Scholarships for Service

POSITION DESCRIPTION

SALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually

Why the Security Workforce Needs More Women and Men

2015 VORMETRIC INSIDER THREAT REPORT

Building the Cybersecurity Workforce. November 2017

Position Description IT Auditor

Uncovering the Risk of SAP Cyber Breaches

The State of Cybersecurity and Digital Trust 2016

Current skills gap for capable CTI analysts: Training for forensics & analysis

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results

2018 NFP Governance and Performance Study. Key results and implications

itsm003 v.3.0 DxCERTS IT & NIST Cybersecurity Workforce Development Training Curriculum & Management Program

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

Research Insights Paper

INCIDENT RESPONDER'S FIELD GUIDE INCIDENT RESPONDER'S INCIDENT RESPONSE PLAN FIELD GUIDE LESSONS FROM A FORTUNE 100 INCIDENT RESPONSE LEADER

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

ISTQB Effectiveness Survey

SELLING YOUR ORGANIZATION ON APPLICATION SECURITY. Navigating a new era of cyberthreats

Val-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.

Reducing Cybersecurity Costs & Risk through Automation Technologies

Cloud Strategies for Addressing IT Challenges

Computer Information Systems

Reasons to Become CISSP Certified. Keith A. Watson, CISSP CERIAS

A Global Look at IT Audit Best Practices

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

BRING EXPERT TRAINING TO YOUR WORKPLACE.

Creating a Cybersecurity Culture: (ISC)2 Survey Responses

itsm003 v.3.0 NISTCSF.COM Role-Based IT & NIST Cybersecurity Curriculum Solutions

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

Understanding the Changing Cybersecurity Problem

How to Assess the Financial Impact of Cyber Risk

Abstract: Data Protection Cloud Strategies

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE THIRD ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE

Modern Compute Is The Foundation For Your IT Transformation

Manager, Infrastructure Services. Position Number Community Division/Region Yellowknife Technology Service Centre

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

SHANGHAI We predict that, in the next three years, more companies will outsource their infrastructure needs and migrate their infrastructure

EC-Council Certified Incident Handler v2. Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1

The fast track to top skills and top jobs in cyber. FREE TO TRANSITIONING VETERANS

How Your Organization Can Drive Success in the Age of Digital Disruption

Building a Threat Intelligence Program

Building new cybersecurity pipelines. NICE Conference 2017 November 8, Strengthening Cyber Workforce Development sans.

WELCOME TO ISACA Claudio CILLI, CISA, CISM, CRISC, CGEIT

PROFESSIONAL MASTER S IN

Job Specification & Recruiting Profile of Vacancy

Manufacturing Cybersecurity Cooperative Overview

Combating Cyber Risk in the Supply Chain

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD

POSITION DESCRIPTION

Certified Manager Certification

Cyber Security. June 2015

Cyber Security: It s all about TRUST

Reference Research: Disk-based Storage Capacity Trends Date: September 2012 Author: Bill Lundell, Senior Research Analyst

UK Gender Pay Gap Report 2018

Collaboration on Cybersecurity program between California University and Shippensburg University

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

IT Risk & Compliance Federal

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

BECOME TOMORROW S LEADER, TODAY. SEE WHAT S NEXT, NOW

Immersion Academy Annual Report 2017

Which Side Are You On?

Career Paths In Cybersecurity

Effective Cyber Incident Response in Insurance Companies

The ACFE Law Enforcement and Government Alliance

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

Cybersecurity Employment SecureNinja

National Initiative for Cybersecurity Education

Immersion Academy Annual Report 2018

A Controls Factory Approach To Building a Cyber Security Program Based on the NIST Cybersecurity Framework (NCSF)

The Widening Talent Gap: The greatest security challenge of our time

Digital Service Management (DSM)

DIABLO VALLEY COLLEGE CATALOG

John Edwards What we have achieved together Where is our focus going forward

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

Digital Service Management (DSM)

A Road Map for Advancing Your Career. Distinguish yourself professionally. Get an edge over the competition. Advance your career with CBIP.

Operations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ

The Value of Certification in the Wonderware Solution Provider Program. By Jay S. David, Senior Product Marketing Specialist

ISACA Enterprise. Solutions and Resources

Endpoint Security Must Include Rapid Query and Remediation Capabilities

The Third Annual Study on the Cyber Resilient Organization

THE KEY BENEFITS OF ITIL

PROFESSIONAL DEVELOPMENT CORPORATE SURVEY SUMMARY RESEARCH REPORT

State of the Cyber Training Market January 2018

Cyber Range Buyers Guide for Fortune 1000 Security Operations

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Strengthening Capacity in Cyber Talent sans.org/cybertalent

ESG Research. Executive Summary. By Jon Oltsik, Senior Principal Analyst, and Colm Keegan, Senior Analyst

Transcription:

SESSION ID: AST3-R02 THE LIFE AND TIMES OF CYBERSECURITY PROFESSIONALS Jon Oltsik Senior Principal Analyst Enterprise Strategy Group @joltsik Candy Alexander, CISSP CISM International Board Director ISSA International @NH_Candy

Project Overview Second annual project and report 343 completed online surveys with information security and IT professionals from ISSA member list (and beyond) Small/small midmarket (less than 500 employees), large midmarket (500 to 999 employees) and enterprise organizations (1,000 or more employees) in North America, Europe, Central/South America, Africa and Asia 33% small/small midmarket, 8% large midmarket, 59% enterprise 85% North America, 15% other Multiple industry verticals including information technology, financial, government and business services 2

Cybersecurity Challenges 29% 28% 24% The cybersecurity staff is understaffed for the size of my organization My organization depends upon too many manual and/or informal processes for cybersecurity Business managers don t understand and/or support an appropriate level of cybersecurity 3

The Cybersecurity Skills Shortage 70% of organizations have been impacted by the cybersecurity skills shortage 4

Widespread Vulnerabilities In your opinion, how vulnerable are most organizations (other than your own) to a significant cyberattack or data breach (i.e., one that disrupts business processes or leads to theft of sensitive data)? 9% 45% Somewhat vulnerable 45% 46% 46% Extremely vulnerable 5

Cybersecurity Professionals Opinions 96% AGREE Cybersecurity professionals must keep up with their skills or the organizations they work for are at a significant disadvantage against today s cyber-adversaries 61% AGREE Security certifications are far more useful for getting a job than they are for doing a job 59% AGREE To my knowledge, there are no standards for or agreement on cybersecurity job titles and responsibilities in the industry 6

Training Levels In your opinion, does your current employer provide the cybersecurity team with the right level of training in order for them to keep up with business and IT risk? (Percent of respondents, N=343) No, my organization should provide significantly more training so the cybersecurity team can keep up with business and IT risk, 27% No, my organization should provide a bit more training so the cybersecurity team can keep up with business and IT risk, 35% Yes, 38% 7

Job Satisfaction Which of the following are the biggest factors determining job satisfaction for you? 42% Competitive or industry leading financial compensation 38% Organization provides support and financial incentives enabling cybersecurity staff to advance their careers 37% Business management s commitment to strong cybersecurity 34% The ability to work with a highly-skilled and talented cybersecurity staff 30% Organization provides opportunities for career advancements and promotions 8

Career Success Factors As a former IT professional, which of the following were most helpful when you moved on to a career as a cybersecurity professional? 57% Networking and/or other infrastructure knowledge and skills 52% IT operations knowledge and skills 51% Gaining experience with different types of technologies and/or applications 31% Collaboration between IT and business units on IT initiatives 9

Career Advancement Which of the following would be the most helpful in getting to the next level career-wise? (Percent of respondents, N=231) None of the above, 8% Other, 3% Don t know, 8% A mentor or a career coach to help me define a uniquely personal path, 20% A standardized career map with progressive training, education, certifications outlined according to job titles or responsibilities, 16% Combination of the above, 42% Technical training curriculum map, 3% 10

KSAs 76% 71% Attending specific cybersecurity training courses Participating in professional organizations and events 11

Certification Value Certifications achieved CEH CISA CISM CEH CISA 12% 9% 16% 16% Certifications important in getting job CEH CEH CISA CISA CISM 5% 6% 10% 8% CISM Comp TIA Security+ CompTIA Security+ CISSP CISSP 17% 18% 19% 17% 52% 56% CISM Comp TIA Security+ CompTIA Security+ CISSP CISSP 10% 10% 8% 8% 48% 61% 2016 2017 2016 2017 0% 10% 20% 30% 40% 50% 60% 0% 10% 20% 30% 40% 50% 60% 2016 2017 2016 2017 12

Skills Shortages and Opportunities 31% 31% 29% Security analysis and investigations Application security Cloud computing security 13

Future Actions 43% Add cybersecurity goals as metrics to IT and business managers 41% Document and formalize all cybersecurity processes 36% Make organizational changes so that the cybersecurity and IT departments have the right tools and compensation 35% Provide more cybersecurity training to infosec and IT teams 14

SESSION ID: AST3-R02 THANK YOU! Jon Oltsik Senior Principal Analyst Enterprise Strategy Group @joltsik jon.oltsik@esg-global.com Candy Alexander, CISSP CISM International Board Director ISSA International @NH_Candy

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback