The media spotlight has been heavily directed toward the information security industry over the past 12 months in what is now being referred to as ‘The year of the breach.’ It seems as though no organization is safe with leading tech companies such as Apple and Google suffering data breaches this year. When private consumer information has been leaked, huge PR efforts have looked to protect brands and restore trust.
However, the recent breach at Sony has surpassed that of a public relations issue and has become an international political incident: the White House calling the hack a “serious national security matter.” Data security has become an economic priority as more organisations look to big data to improve business intelligence. However, the increasing number of cases of an information security breach is stoking the fire behind policies like the EU Data Directive that threatens to prevent organisations using big data.
The string of high profile breaches confirms that the information security industry has a significant task on its hands, a task which has become mission critical for many organisations and a source of growing urgency. The information security industry has evolved predominantly in reaction to threats rather than proactively developing the profession leading to a generational gap. The Information Systems Securities Association (ISSA) estimates there are between 300,000 and 1,000,000 vacant cybersecurity positions. Further, LinkedIn recently released a list of the 25 most in demand skills. The list is based on hiring and recruiting activity, analysing the skills and experience data of over 330 million LinkedIn member profiles. ‘Network and information security’ skills are seventh on the UK list and set to soar higher as demand increases further.
The skills gap is affecting web technology, digital, analytics and IT industries, slowing down the adoption of some of the most desirable technologies such as cloud based operations, Internet of Things and big data. However, the economic implications of the skills gap in cybersecurity could result in many of these technologies being unavailable to organisations through data protection laws.
As we look ahead to 2015, there is increasing demand for the development of the information security profession on a political, economic and organizational level. The ISSA believes that a lack of consensus on career definitions is making it difficult to attract skilled talent to the industry. Part of their solution to combat the ambiguity in career structure was to develop the Cybersecurity Career Lifecycle (CSCL), an internationally adopted framework for a career in cybersecurity. Initiatives like the CSCL demonstrate that the information security industry understands that it needs to change its model from being reactive to threats, to being proactive about developing to meet the security demands of organizations today.
Just over two years ago, InterQuest established a small information security recruitment division aimed at helping users of our specialist recruitment practices — analytics, digital and web technologies — connect with talent to support their information security requirements. This once small division has grown and been the source of significant investment by the group, as it responds to the upswing in demand and professionally represents candidates in a market largely misunderstood by more generic recruiters. IQ InfoSec is using its growing network, expert knowledge of information security and STEM skills to engage candidates with adaptive and transferrable talent who can excel in the cybersecurity arena. Just one recent and successful example is talent from the ‘Gaming’ industry actively being brought over to the information security profession.
Solving talent shortages in information security will require a degree of innovation alongside well connected talent pools. InterQuest and IQ InfoSec has been investing in this for a little while and will continue to do so for the foreseeable future.