cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
gidyn
Contributor III

The big lie of millions of information security jobs

The big lie of millions of information security jobs 

 

... how many information security jobs are there? The short answer is that no one has a clue. The problem is that there is no statistically verifiable and empirically researched data on the number of current information security jobs and what the future holds ...

 

More in the article, including a section on "Issues with the ISC2 Cyber Workforce Study".

8 Replies
JoePete
Advocate I

A summation of Ben Rothke's position is that there is a disconnect between people working in security and those opining on the job market. I think there is a lot of truth to that

 

One thing he doesn't touch on though is that one of the reasons for so many advertised openings maybe the frustration and burnout in the job. There's a lot of musical chairs in IT and security reflective of turnover. Part of that perhaps reflects a more pervasive issue with technology and security. From entry level right up to CEO, we have a workforce that adhere to TL;DR when it comes to the details of technology. This induces a lot of ignorance and also a lot of frustration.

Steve-Wilme
Advocate II

When it comes to putting downward pressure on salaries isn't it in an industry's interest to state that there are lots of openings, so over the next 4 to 5 years more people qualify to enter that area.  Then there is a broad cross section of people who have a head start and have maybe paid for their own training and skills so they can 'break into' the field. 

 

It's also true to say that many of the people in the infosec field are aging out.  When ISC2 asked for a show of hands at a conference, when asked to put hand down if you were under 45, the majority of the audience kept their hands up.  Most the people I know in infosec who left retired before 60, although with the current cost of living crisis some might be tempted to stay on longer.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
gidyn
Contributor III


@Steve-Wilme wrote:

It's also true to say that many of the people in the infosec field are aging out.  When ISC2 asked for a show of hands at a conference, when asked to put hand down if you were under 45, the majority of the audience kept their hands up.


That may be indicative of the age of people who physically attend conferences.

RobertCousins
Newcomer I

I don't know what the true numbers are, but I think the biggest shortage in information security is reasonable job descriptions.

 

It is no wonder that openings with a requirement for in-depth skills and experience across several largely separate disciplines of our craft go unfilled. 

 

Caute_cautim
Community Champion

@RobertCousins   Hi All

 

If perhaps there was better communications and initiatives driven from central governments from countries willing to to take a strong stance to protect and mature their security strategies and nations, then there should be standards developed, to ensure appropriate job descriptions were developed throughout the cybersecurity environment regardless of the industry they come from.  No there is no second guessing by recruitment agencies about the roles and responsibilities required - standardisation is required.

 

This would bring about the following benefits:

 

  • Increasing productivity.
  • Eliminating confusion and guesswork in processes.
  • Improving customer service quality.
  • Reducing operational costs.
  • Using resources more efficiently.

So why can't ISC2 take a stance and provide recommended job descriptions?

 

Stop all this current guesswork.

 

Regards

 

Caute_Cautim

 

RobertCousins
Newcomer I

I agree. My personal (humble) opinion:

 

Both the security, and more generally, the IT industry need to grow up and become actual professions. This means defining the roles and requirements for both individuals and organizations, and having a true professional body to push those along and have governments build reliance on those definitions.

 

Similar to how CPAs work and are required for oversight of public companies and signing off on statements etc.

 

We've tried letting everyone be a cowboy for decades and that hasn't matured the industry at all.

Steve-Wilme
Advocate II

There have been attempts to define roles and career paths by a number of bodies.  These tend to be national rather than international bodies and compulsion element seems to start out with government contractors or professionals dealing with critical national infrastructure.  

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Caute_cautim
Community Champion

@Steve-Wilme   Well it is a start, perhaps start with those and commence from there.  It is the same in the Architect community, suddenly we have Information Architects, which embrace AI, Blockchain, Data and Cloud.  As all of them deal with information, metadata, data etc.

 

Having some categories with clear definitions helps everyone with understanding, technology is introduced and things need to be expanded, but at least have a baseline to work from.

 

Regards

 

Caute_Cautim