topic Re: The big lie of millions of information security jobs in Industry News

The big lie of millions of information security jobs

gidyn — Mon, 04 Dec 2023 12:56:57 GMT

The big lie of millions of information security jobs

... how many information security jobs are there? The short answer is that no one has a clue. The problem is that there is no statistically verifiable and empirically researched data on the number of current information security jobs and what the future holds ...

More in the article, including a section on "Issues with the ISC2 Cyber Workforce Study".

Re: The big lie of millions of information security jobs

JoePete — Mon, 04 Dec 2023 14:02:13 GMT

A summation of Ben Rothke's position is that there is a disconnect between people working in security and those opining on the job market. I think there is a lot of truth to that

One thing he doesn't touch on though is that one of the reasons for so many advertised openings maybe the frustration and burnout in the job. There's a lot of musical chairs in IT and security reflective of turnover. Part of that perhaps reflects a more pervasive issue with technology and security. From entry level right up to CEO, we have a workforce that adhere to TL;DR when it comes to the details of technology. This induces a lot of ignorance and also a lot of frustration.

Re: The big lie of millions of information security jobs

Steve-Wilme — Mon, 04 Dec 2023 14:29:38 GMT

When it comes to putting downward pressure on salaries isn't it in an industry's interest to state that there are lots of openings, so over the next 4 to 5 years more people qualify to enter that area. Then there is a broad cross section of people who have a head start and have maybe paid for their own training and skills so they can 'break into' the field.

It's also true to say that many of the people in the infosec field are aging out. When ISC2 asked for a show of hands at a conference, when asked to put hand down if you were under 45, the majority of the audience kept their hands up. Most the people I know in infosec who left retired before 60, although with the current cost of living crisis some might be tempted to stay on longer.

Re: The big lie of millions of information security jobs

gidyn — Mon, 04 Dec 2023 16:52:59 GMT

@Steve-Wilme wrote:
It's also true to say that many of the people in the infosec field are aging out. When ISC2 asked for a show of hands at a conference, when asked to put hand down if you were under 45, the majority of the audience kept their hands up.

That may be indicative of the age of people who physically attend conferences.

Re: The big lie of millions of information security jobs

RobertCousins — Tue, 05 Dec 2023 19:34:40 GMT

I don't know what the true numbers are, but I think the biggest shortage in information security is reasonable job descriptions.

It is no wonder that openings with a requirement for in-depth skills and experience across several largely separate disciplines of our craft go unfilled.

Re: The big lie of millions of information security jobs

Caute_cautim — Sun, 10 Dec 2023 04:42:15 GMT

@RobertCousins Hi All

If perhaps there was better communications and initiatives driven from central governments from countries willing to to take a strong stance to protect and mature their security strategies and nations, then there should be standards developed, to ensure appropriate job descriptions were developed throughout the cybersecurity environment regardless of the industry they come from. No there is no second guessing by recruitment agencies about the roles and responsibilities required - standardisation is required.

This would bring about the following benefits:

Increasing productivity.
Eliminating confusion and guesswork in processes.
Improving customer service quality.
Reducing operational costs.
Using resources more efficiently.

So why can't ISC2 take a stance and provide recommended job descriptions?

Stop all this current guesswork.

Regards

Caute_Cautim

Re: The big lie of millions of information security jobs

RobertCousins — Mon, 11 Dec 2023 17:56:10 GMT

I agree. My personal (humble) opinion:

Both the security, and more generally, the IT industry need to grow up and become actual professions. This means defining the roles and requirements for both individuals and organizations, and having a true professional body to push those along and have governments build reliance on those definitions.

Similar to how CPAs work and are required for oversight of public companies and signing off on statements etc.

We've tried letting everyone be a cowboy for decades and that hasn't matured the industry at all.

Re: The big lie of millions of information security jobs

Steve-Wilme — Wed, 13 Dec 2023 13:22:37 GMT

There have been attempts to define roles and career paths by a number of bodies. These tend to be national rather than international bodies and compulsion element seems to start out with government contractors or professionals dealing with critical national infrastructure.

Re: The big lie of millions of information security jobs

Caute_cautim — Wed, 13 Dec 2023 19:31:06 GMT

@Steve-Wilme Well it is a start, perhaps start with those and commence from there. It is the same in the Architect community, suddenly we have Information Architects, which embrace AI, Blockchain, Data and Cloud. As all of them deal with information, metadata, data etc.

Having some categories with clear definitions helps everyone with understanding, technology is introduced and things need to be expanded, but at least have a baseline to work from.

Regards

Caute_Cautim