@Coming to this a bit late, as I spent a few months not being particularly bothered, but Wim is pretty sensible on this.
to point to Wims post - the increase in AMF is pretty much in line with other certification professional membership bodies(I’ve more than one certification with ISC2, so I guess it benefits me, so I’d probably be supportive anyway). I’m not sure why there is so much wailing and gnashing of teeth on this one(one you get over sticker shock - maybe some A/B testing on the site would help there) it does seem that the profession is pretty well paid, and folks ISC2 do not seem to me to be taking a purely commercial approach, it’s NPO status’s covered by Wim would seem to preclude that. There are people working full time and they do need to be fairly compensated for their time, they need health plans etc, and they might want a holiday - so personally I’m comfortable with the increase.
Maybe we should look at options to address the concerns of members who have issues paying the AMF or indeed the exam fees.
Communications wise I feel it’s OK, I gave feedback in October, it was considered and some changes were made for it and they got back to me.
On the CISSP exam - frankly CAT overall makes it harder to pass as you see less questions so there are less cribs to helpfully jog memory... Glad I didn’t have to sit the CAT test when I wrote the CISSP. Good confirmation of knowledge does not need to be an endurance test, and probably shouldn’t be.
CYBERSECURITY SKILLS SHORTAGE SOARS, NEARING 3 MILLION
If there was really a shortage there wouldn't be unicorn job postings and MBA Cybersecurity graduates wouldn't be coming to my meetups asking how they can get work. With a three million shortage I would be developing plans to bring my company to $100 million in sales and compete with the likes of Cognizant with an eye on making billions.
1998-2001 were the best. (Had to delete link because error msg: invalid HTML).
Oh, I agree when it comes to that. Based on the survey more than 80% of those reqs would exist in APAC, which isn't really relevant for EU and US job seekers. Claiming 3 million based on a survey of (maybe?) 15k respondents is also not statistically honest.
Remember that a cyber-security skills shortage doesn't always mean an open job position. There are plenty of people in "cyber-security" or "IT" jobs that are woefully under skilled in cybersecurity. When you view it like that, you can see why the number is so high.
I think that we may see a few waves of automation come in and dent that, and take up some of the easier to describe roles fairly soon, so first line SOC Analysts should probbaly look to add some esoteric niches that are not so worth training learners or creating automated playbooks. Of course with every new idiocy/outrage there comes a push to do something so who knows - devils advocate - maybe three million is conservative? On thing I can conclusively point to is folks in data protection would really like to involve a lot of their own workforce in remediation, which broadens the term of what a security role is or can be.
I’d suspect recruiters in countryies could provide more accuracy/ better data:
Asia is special case, numbers of people are large, throwing bodies at problems is quite common even though a lot of people are trying to get away from that. Two million is a lot, However there are some data points that support this ballpark:
If India, ASEAN, Japan, Korea and Aus/NZ needed about the same as China in the Tencent report states, then it’s plausible.