A research report commissioned by Infosecurity Europe, “Information security: From business barrier to business enabler,” surveyed 1,149 information security professionals across the globe and found that more than half (53.8%) claim their job satisfaction has changed over the past 12 months, as a consequence of developments in the industry. More than three quarters of industry professionals (81.5%) feel their job has become more enjoyable in the past year. Almost nine in 10 vendors feel this way.
Satisfaction in their chosen profession stems from reasons both intellectual and personal. Just over a third (34.5%) of respondents said that information security is the most technically demanding and stimulating sector in the IT industry. An equal percentage said they always knew the sector would become ever-more important to both business and society. Almost half of respondents (45.5%) said that their function is now seen by their employers as “integral” to business strategy. That recognition applies to the wider enterprise as well: 41.6% feel the media focus on information security has made it easier for them to explain to their stakeholders that information security should be taken seriously.
For 29.3%, the excitement and dynamic nature of their career is what assures them that they made the right choice. Perhaps it is not surprising that 83.7% of respondents feel that now is the best time to be an information security professional. There’s a high degree of conformity: 74.6% of respondents are sure that they still would have chosen a career in information security, given the benefit of hindsight. This view is expressed equally across both the private and public sector, with 76% and 77%, respectively, pleased with their career choice.
Nonetheless, it’s critical to note that despite the career optimism and positivity, there persists a skills shortage in the industry that is directly impacting enterprise and governments' ability to combat cybercrime effectively. Not enough talented people are entering the field – indicating a perception issue within the wider public.
The survey results highlighted what motivates job dissatisfaction as well, with only 7% believing that information security is now considered a ‘cool’ subject. Almost one in ten (8.8%), in hindsight, would not have chosen a career in information security with the principal reason (felt by 34.3% of the 8.8%) being the poor quality of rewards and recognition. Of the 18.5% of respondents who said that their job has become less enjoyable over the past 12 months, 42.1% of them said that this is mainly due to business stakeholders demanding the impossible: asking for absolute protection for their information assets without understanding the complexity and challenges of such a request.
All of these factors contribute to the difficulty in recruiting new talent.
“Tackling the shortage is a key priority for governments, industry and the profession,” said John Colley, managing director of (ISC)² EMEA, in the report. “As a relatively new profession, we have focused on recognizing the competencies of our first generation. In doing so, we have amassed a significant amount of knowledge that we must now put to broader use, to share our knowledge and experience with the academic community and take advantage of what the academic community has to offer in their ability to nurture talent in the young.”
Also in the "more work to do" column, the survey makes it clear that there’s a persisting disconnect between those working in information security and those who make business decisions, despite the positive movement noted earlier. A lack of sponsorship by business executives for information security policies was selected by 14.3% of respondents as the biggest challenge in protecting their company’s IT infrastructure and security posture. And 8% of respondents said that disjointed or incomplete information policies is their most substantial barrier.
When it comes to educating businesses on the importance of information security to business strategy, some respondents want education themselves: About 16.8% of respondents feel that training would help them, as industry professionals, to understand how to present information security proposals in a strategic way, which would ultimately support gaining buy-in from the business.
But short-sightedness may ultimately fade as an option. “The way organizations and people work today has dramatically changed,” said David Cass, senior vice president and CISO at Elsevier. “Social, mobile and cloud require us to change the way that we practice information security. Having a long term vision and strategy that take these changes into account and align with the business strategy is critical. This is the foundation in making security a business enabler.”
To download the full report, please visit: http://www.infosec.co.uk/Industry-Survey-Report14