Infosec certification and the talent shortage crisis

As more enterprises aspire to create future workspaces and harness the benefits of a mobile workforce that leverages cloud platforms, there’s a greater need to implement appropriate measures to secure data, infrastructures, applications, and users wherever they may reside.

What’s making this difficult is the undeniable talent shortage crisis impacting the cybersecurity industry across both companies and nations.

The demand for cybersecurity professionals is outpacing the supply of qualified workers, and highly technical skills are the most in need. In fact, skills such as intrusion detection, secure software development and attack mitigation were found to be far more valued than softer skills, including collaboration, leadership and effective communication.

Proactively hiring experts before an incident, rather than bringing them in afterwards to pick up the pieces, significantly lowers average IT costs and helps better protect the business.

Despite being more creative and increasing their influence, 65 percent of CIOs believe a lack of talent will prevent their organization from keeping up with the pace of change.

The value of infosec certification

While most employers regard formal education as important, accepting non-traditional sources of education is becoming paramount.

“A degree can be a part of a candidate’s portfolio, but several jobs in infosec do not have higher education requirements. Obtaining the CISSP validates 5 years of paid, full-time work experience in the field – 4 if they have a degree. Knowing someone has a CISSP allows HR managers to make knowledgeable hiring decisions when on-boarding infosec talent,” said Dan Waddell, Director of North America region, (ISC)2.

“All of our certifications feature a continuing education requirement. Once you achieve the CISSP for example, you need to further your education by earning a minimum of 40 Continuing Professional Education (CPE) credits per year during the 120 CPE credits required in the three-year certification cycle. There are now over 111,000 CISSPs worldwide, and we saw a record number of CISSP exam registrants during the last three months of 2016,” Waddell added.

Modern practical learning

Non-traditional methods of practical learning, such as hands-on training, gaming and technology exercises and hackathons, may be a more effective way to acquire and grow cybersecurity skills, according to an Intel Security report.

“Great security people are often inquisitive, problem solvers. Since this industry changes on a daily basis, we look for people with strong technical skills that learn and adapt quickly, and also have a real passion for this field. Those are the individuals that tend to shine,” Patty Hatter, vice president and general manager of Intel Security Group Professional Services, told Help Net Security.

“Generally speaking, certifications often serve the purpose to help ensure a common acuity across a team or across an organization. As useful as certifications are, they can’t replace demonstrated experience and technical skill. More and more, we are looking for certifications that require a ‘hands on’ demonstration of specific skills, like Global Information Assurance Certification (GIAC), SANS, or those from Offensive Security Certified Professional (OSCP). The Certified Information Systems Security Professional (CISSP) can provide managers a barometer of understanding across the breadth of security domains – both technical and management,” Hatter concluded.