The (ISC)2 workforce study says that employers must look to millennials to fill the projected 1.8 million positions that are estimated to be unfilled by 2022. At the RSA Conference in San Francisco, Infosecurity caught up with Philip Casesa, principle of products at (ISC)2 to discuss the workforce study findings.
Infosecurity Magazine: The latest (ISC)2 workforce study predicts a 1.8 million workforce shortage by 2022. How is this number calculated? Is it over-hyped?
Philip Casesa: We surveyed 20,000 security professionals, which is 40% more responses than in previous studies. This number is coming from the professionals themselves.
Infosecurity Magazine: What impact is the skills gap having on the industry?
Philip Casesa: It means that we need to be creative about where future professionals are going to come from. Organizations may have to alter the way they handle their workforce to survive. They need to attract the millennial generation.
Infosecurity Magazine: What impact is the skills gap having on the end-user?
Philip Casesa: Well, we continue to see breach news, and security operations within organizations are unable to keep up with the threats that are facing them. Customer data is at risk, and therefore so is customer trust. We are seeing more successful cyber-attacks because of the skills gap.
Infosecurity Magazine: The workforce study data from the UK shows that only 6% of respondents would recruit university graduates. Why is this, and how can we move past it?
Philip Casesa: The reluctance is down to employer’s valuing the experience factor. Even graduates from cybersecurity programs are lacking in communication skills. Organizations will have to consider developing students.
Infosecurity Magazine: The did you learn from the study results that surprised you?
Philip Casesa: What popped out of the research was most of the respondents expect to be in manager roles within two to three years of joining the industry. This, however, isn’t true of the millennials who instead expect to be in security consulting roles within two to three years. This tells us that the millennials have technical aspirations, and don’t aspire to climb the management ladder in the traditional way.
Millennials are also leaving their jobs at a much higher rate – 30% of millennials changed jobs in the last 12 months. They get the two years of experience that many employers are demanding and then they get headhunted for more money, literally doubling their salary.
Infosecurity Magazine: The skills gap has caused information security salaries to rise dramatically. Are there any negative ramifications of this, and how can SMEs compete for talent?
Philip Casesa: Salary rises are good because it creates awareness and conversations around the industry and and helps pull people in. The explosion in security salaries, however, does put a strain on SMEs looking to field a security team and maintain continuity and consistency over time. This problem isn’t helped by millennials looking at new positions as stepping stones to something else. SMEs can compete by finding under-priced talent in different industries and training them up.
Further data from the (ISC)2 workforce study will be released over the next few months, with focus on women, diversity, US government data and regional reports.
A video interview of Infosecurity interviewing Casesa will be available shortly via RSAC TV.