Do you have the IT Security Skills you need?
The same survey suggests that there will be over 1.5 million cyber security jobs by 2019.
However, the 2015 (ISC)2 Global Information Security Workforce Study reported that the information security workforce shortfall is widening. 62% of the study’s respondents stated that their organisations have too few information security professionals. Just over half of those surveyed take at least three months to fill open cyber security positions and nine percent struggled to fill them at all.
Perhaps most worrying of all is that 60% of all respondents to a recent ISACA survey do not believe their information security staff can handle anything more than simple cyber security incidents, but almost 75% expect to experience a cyber attack.
The 2015 State of Cybersecurity indicated that nearly 65% of all entry-level cybersecurity applicants lacked the requisite skills to perform the tasks related to the jobs they were seeking.
How is your organisation developing those needed technical skills?
So how do you address the skill gap?
Firstly, don’t limit IT security training to a narrow group of specialists. Everyone needs an understanding of the implications of new technologies and the potential threat to the organisation’s security. Anyone who can plug in an iKettle in the staff kitchen, can put your network security at risk.
For smaller organisations, have a look at the free government cyber security on-line training: . https://www.gov.uk/government/collections/cyber-security-training-for-business. As well as an overview for all staff, there are specific courses for HR, Procurement, Lawyers and Accountants, which have been developed with the relevant industry body.
For more detail try an Introduction to Cyber Security. It has been developed by The Open University with support from the UK Government’s National Cyber Security Programme and can be accessed free of charge. This GCHQ Certified Training course is also accredited by the Institute of Information Security Professionals (IISP).
For the technical team, there is a range of security accreditations available from groups such as IISP and ISACA. Qualifications such as the Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM) or Certificate in Information Security Management Principles (CISMP) are globally recognised and accepted.
If budget and time are both tight, look at training specific to your area of IT responsibility, such as the Certified File Transfer Professional course. This covers encryption, FTP Protocols, Advanced Protocols including HTTP and ASx, File Sync and Share, and Automation.
Whichever route you take, remember that no information security related certifications coupled with lack of experience is what stopped most companies hiring IT staff in this growing area this year.
Cybersecurity Business Report – The CSO Online
State of Cybersecurity – Implications for 2016. An ISACA & RSA Conference Survey
Cyber Security Training for Businesses – HMRC