Over the past decade, technology has become one of the main drivers shaping modern society. We can now run our personal and corporate lives from powerful computers that fit in the palm of our hand. These advancements bring security threats to the forefront of society and raise awareness of issues such as imminent cyber-war, cyber-espionage through advanced malware, and millions of insecure applications feeding our personal information to cybercriminals. Many things have changed, but much remains the same.
What has improved is the growing consensus among businesses and governments that cybersecurity professionals are essential to protecting our way of life. In today’s environment, it’s important to discuss how technology and threats have equally evolved and what the next generation information security environment and workforce will look like.
It never fails. You can stop watching a soap opera for three years, only to find that when you resume, the characters may have changed, but the stories remain the same. Such is the way with information security. Despite the increase in sophisticated and complex technologies, including software-encrypted devices, TPM chips and many more advancements, vulnerabilities still exist and will always remain. Yes, we have made profound strides in developing sophisticated technologies dedicated to thwarting attacks.
We have gone from 32-bit operating systems to 64-bit in computing capability, and thumb drives now hold enough memory to take down companies and governments. According to the (ISC)² 2013 Global Information Security Workforce Study (GISWS), 69% of respondents named software applications as the number one threat on the minds of information security pros. Yet while we’ve been able to produce more software patches and millions of lines of code, it’s difficult to argue that software is any more secure than it was 10 years ago.
As the media highlights time and time again, the cybersecurity landscape is an ever-evolving, complex environment, and no organization is safe from an attack. What’s changed is that companies and governments alike must face the reality that it’s not if they’ll get hacked but when.
What has evolved, however, are attitudes toward cybersecurity professionals. According to the GISWS, in a ranking of importance in securing infrastructure, software and hardware solutions rank behind the effectiveness of information security professionals. High-level executives, government officials and citizens now recognize that a cybersecurity staff made up of well-educated, trained, experienced, certified professionals is the key to protecting their intellectual property, customers’ data, reputation and our way of life.
Ten years ago, executives rarely acknowledged the value of security, let alone paid attention to, invested in or implemented proper security safeguards. Corporate employees and government officials’ viewpoints have now evolved to support the notion that information security is not only something to be taken seriously, but recognize it as an organization-wide concern and even a business driver.
Attacking styles have evolved from minor breaches to site-disabling distributed denial-of-service (DDoS) attacks, and while many of these concerns have been somewhat offset by increased computing power, the shift has now focused more toward instilling confidence in people rather than products. Nevertheless, as computing power continues to follow Moore’s Law, the attacks will continue to escalate.
As threats and technology have evolved, so have the definition and expectations of a cyber professional. Employers are starting to demand certified professionals with credentials such as the CISSP and CSSLP. The GISWS found that slightly more than 46% of all survey respondents indicated that their organizations require certification.
Furthermore, the outlook is good for both current and aspiring professionals. Information security is a resilient and rewarding career. The GISWS found that information security professionals enjoy stable employment; more than 80% had no change in employer or employment in the past year, and the number of professionals is projected to grow more than 11% annually over the next five years.
It’s clearer now more than ever that cybersecurity professionals, rather than even the most sophisticated malware detection tool, are the strongest asset in an organization’s arsenal.
W. Hord Tipton is the executive director of (ISC)² and a member of Infosecurity magazine’s editorial advisory board. He has over thirty years of business experience, including CIO for the US Department of the Interior. Tipton is a recipient of the Distinguished Rank Award for government service from the President of the United States.