Colley highlighted findings from the non-profit IT security association’s previously released “Global Information Security Workforce Study” during a Business Strategy session at this week’s Infosecurity Europe show in London. The session, titled “Are We Approaching a Skills Gap?”, examined what types of skills are needed to keep pace with the types of threats organizations face today.
On the plus side, Colley said, is that 60% of security professionals received a salary increase between 2009-10, despite the harsh economic climate. One the down side: 73% of survey respondents – which took in responses from 10,000 IT security professionals worldwide – said that application security was the biggest threat their organization faced. Yet only 20% of those polled said they were involved in application development.
“Application security is one of the biggest threats”, Colley noted. But as a profession, we are not getting involved.
Another concerning trend from the survey was the clear gap that exists around the deployment of new IT technologies and the required skills needed to understand, assess, and deploy within them organizations.
Colley added that education is needed regarding application and software development security, in addition to emerging technologies.
He closed by highlighting a Catch 22 in the security industry, one that may be responsible for this profound skills gap: “One cannot get a job in information security without experience, but one cannot get experience without first getting a job”. It’s this complex problem, Colley concluded, “that needs to be addressed in the next two to five years”.