A special Parliamentary Select Committee recently told peers in the UK’s House of Lords that there will be a global shortage of “no less than two million cyber security professionals” by the year 2017.
Apparently, further evidence suggests that that this skills gap “could take 20 years to rectify.” As cybercrime continues to thrive, what can we do?
Featured Download: Social media access at work. Do your employees know the rules?
The excellent Dr. Jessica Barker recently pointed out new research from e-skills and BCS that illustrates a lack of women in IT. This showed a fall in numbers at every stage of education and employment:
– Girls take 51% of all GCSEs and 44% of IT GCSEs, but only 6.5% of computer A-levels.
– Women make up 55% of HE entrants but only 35% of STEM entrants and only 13% of computer science entrants.
– There are 1.1 million IT specialists in the UK, but only 16% of them are women.
– Female IT specialists are paid 16% less than their male peers.
And to compound these figures, research from (ISC)2 shows that only 11% of information security professionals are women.
Lack of women?
I know a lot of talented and qualified ladies in the information security and technology fields. I am also privileged enough to have had mentored a few. What I have found from personal experience is that many find it difficult to put themselves forward, not necessarily because they lack confidence but because of the perceived maleness of the industry.
Look at the speaker line-up of any security conference. It is a well known fact that women are few and far between. But it’s a two-way street. Conference organisers should also encourage women to participate, and women should not be reluctant to put themselves forward. I do understand that speaking in front of an audience is not everyone’s cup of tea, irrespective of gender, but we observe the same trend when we look at paper submissions or blogging. My advice: your digital footprint is your friend. Make sure you invest in yourself.
Certifications, good or bad?
Another facet is that the information security space is still essentially certification-driven. Fact.
This affects not only women but also very talented men who try to break into the industry but do not have the right certifications, either due to a lack of time or lack of funds. Catch 22: when CISOs try to recruit, they will require specific certifications in their candidates because that’s what everyone does. As a result, they will brief their recruiters, who in turn will filter candidates according to the specifications, ultimately leading the situation to self-perpetuate, thereby excluding a large talent pool who have a lot of relevant experience.
How about a widely deployed, accessible, and flexible government backed/funded scheme that enables more individuals to enter the profession according to specific skills, experience, and areas of interest? Or for CISOs to broaden their horizons?
Now don’t get me wrong, I think that certifications are a good thing, but the existing certifications are still essentially technical and do not take into account the wealth of skills that are required to make any information security endeavour successful. (Remember, it’s always about people, process and technology).
To read more about what is to information security, please read Neira Jones’ original article here.
Neira Jones | @neirajones
To find out more about our panel members, please visit the biographies page.