Every couple of years (ISC)2 issues a report on the current situation and future expectations regarding the global information security workforce.
At the Infosecurity press event, John Colley, the organization’s Managing Director for the EMEA region, offered insight on their latest report.
The information for the 2011 Global Information Security Workforce Study was collected during the autumn of 2010 via an online Web-based survey using the (ISC)2 membership list, and a total of 7,547 (ISC)2 members were surveyed. Given that the organization numbers some 74,000 certified professionals around the world, roughly every tenth member took part in the survey.
Its goal was to shed light on the changing profile and focus of the workforce, and apart from the usual issues of salaries, budgets, job focus, and others, this latest survey offered questions tied to the impact of changing business models, the Cloud, mobility and social media.
The participants are either currently employed by a company or an organization, contractors or independent security consultants, and the majority of them (63%) are North American. Incidentally, the same percentage of respondents identify themselves (i.e. their current job function) as information security professionals, and 88 percent say that they are employed directly by a company or organization.
Predictably, 81 percent of them have not changed their employment status in 2010 – information security is a pretty static market, and one can only imagine the recent economic situation has made it even more so.
Job titles that occurred most often among the respondents are (in that order): security consultant/analyst/manager/systems engineer, and in fifth place, IT director/manager. According to Colley, it is obvious that some security people are moving back into IT. It is also apparent that a small percentage has been placed in positions responsible for software development – a percentage that was non-existent in the results of the same survey conducted in 2008.
In 2008, a large number of respondents predicted that in a few years' time, their primary functional responsibilities would be managerial – as do this year's respondents. But the prediction didn't come true for most of them:
Given that cloud computing has stopped being just a buzzword and has become the reality for many, many companies and organizations, Colley offered details concerning the impact of cloud computing.
According to the answers, security professionals are – in general – concerned with a variety of security issues tied to the use of clouds, but especially about exposure of confidential/sensitive information to unauthorized systems or personnel and confidential/sensitive data loss or leakage.
73 percent of the respondents think that security professionals will have to develop new skills, and among the top three is an interesting result: half of the participants identified contract negotiation as a new skill they think they will have to acquire:
More than half of the respondents said their organizations or companies are using cloud computing – 16 percent use public cloud services and 42 percent use software as a service (SaaS).
Also intriguing are the answers to the question about which activities consume a significant amount of the participants' time. Among the top five are:
- Internal/political issues – 48%
- Researching new technologies – 48%
- Meeting regulatory compliance – 47%
- Developing internal security policies, etc. – 41%
- Providing advice on security to customers – 41%.
This last one is especially interesting as a completely new entry in the list, but the amount of time spent on meeting regulatory compliance should also present food for thought.