A lack of training and a failure to find talent within existing employee pools are hampering the quest to close the cybersecurity skills gap, according to (ISC)².
In its study, “IT Professionals are a Critically Underutilized Resource for Cybersecurity,” (ISC)² found that many organizations are not taking full advantage of the opportunity to empower and equip their IT staff—the very individuals most often tasked with implementing security policy and technologies—with the education and authority they need to effectively bolster their cybersecurity.
The research, based on responses from more than 3,300 IT professionals worldwide who participated in the 2017 Global Information Security Workforce Study, revealed that just 43% said their organization doesn’t provide adequate resources for security training, and more than half (55%) said their organization doesn’t require IT staff to earn a security certification.
Hiring managers rank communication skills (62%) and analytical skills (52%) as their top desired skills for new candidates, while IT pros cite cloud computing and security (64%), and risk assessment and management (40%) as top skills they believe are needed. But they’re not achieving what they want: A full 63% said their organization has too few security workers, while 51% said their systems are less able to defend against a cyberattack compared to a year ago.
“Our findings suggest too many organizations overlook a tremendous pool of cybersecurity talent already on staff and intimately familiar with their infrastructure and processes,” said (ISC)² CEO David Shearer, CISSP. “The quickest way for many organizations to bolster their cyber defense is through continuous security education and empowerment of their IT team. Security is a shared responsibility across any enterprise or government agency. Unless IT is adequately trained and enabled to apply best practices across all systems, even the best security plan is vulnerable to failure.”
To help organizations bolster their cybersecurity expertise within IT, (ISC)² also announced a new prerequisite pathway for its Systems Security Certified Practitioner (SSCP) certification. IT professionals and others who have earned a cybersecurity or computer science degree from an accredited college or university can attain certification without completing the one year of paid, full-time work experience previously required in addition to passing the SSCP exam and completing the (ISC)² endorsement process. This creates a more streamlined path to SSCP cybersecurity certification for qualified IT professionals.
“SSCP is an ideal cybersecurity certification for IT professionals responsible for the hands-on operations of securing their organizations,” (ISC)² said. “Those who earn the SSCP demonstrate their technical skill to implement, monitor and administer IT infrastructure using defined security policies and procedures, as well as the ability to protect the confidentiality, integrity and availability of data. The SSCP encompasses security operations and administration; risk identification, monitoring and analysis; incident response and recovery; network and communications security; system and application security; and cryptography.”