There's certainly no shortage of claims regarding the current shortfall of cybersecurity professionals. These findings show up repeatedly in our surveys, most recently the 2014 Global Information Security Survey and the 2013 State of the CSO, which both revealed that the demand for skilled IT security professionals continues to strain organizations' ability to fill security positions. Finding skilled information security workers was identified as one of the greatest challenges for 31 percent of large companies.
Interestingly, the Rand Corp. recently released a report in which the think tank said that it believes that the combined steps being taken currently by the government, private sector, and university training will help close the cybersecurity skills gap soon. The full report is here.
Talk of widespread gaps in skill demand and anticipated future information security job market balance are interesting, but what security pros need to know today is what skills they need to be honing to thrive in the years ahead.
With that question in mind, we reached out to more than a dozen practitioners, most whom are in a position to hire or contract security expertise. Our informal survey found that there seems to be an increase in the demand, at least in the private sector, for security pros who are as much, if not more, skilled in communications, business management, and explaining risk to executives in business terms.
"There will always be the need for technical skills within security, says Brian Honan, founder of Dublin, Ireland-based BH Consulting. "But in many enterprises these [positions] will be subsumed into operations or outsourced to vendors who specialize in those areas." For this to be possible, Honan anticipates that much security automation is on the way, such as that we see in patch management, vulnerability management, and change control. "We will also see better automated solutions to automatically detect and react to threats," Honan anticipates.
It remains to be seen whether we see that level of automation, or not, or if new complexities appear and manage to increase IT security professional workloads.
Regardless, security professionals need the right skills to survive in the years ahead:
No doubt. And while the future is bright for those with the right sets of skills, it's likely to be quite dim for those who choose to stand still and not continuously train and grow their capabilities.