The Shortfall in Information Security Skills

The Right Approach

Demand is rising as a result of increased connectivity, raised awareness, the number of vulnerabilities and on-going increase in hacker activity.  However, simply just having a big recruitment budget is not the solution.  Strategies such as focusing on internal training and development need to be considered.

Employee Requirements

So what makes a good information security professional, particularly when it is no longer a single person role?  People who have an understanding of policy, process, risk management and governance are needed together with those who can work with technical teams and help businesses shape and interpret their needs.  There is also a need for technical security experts who understand the challenges of product integration and application development.  They need to be able to work with infrastructure and application development teams and most importantly testing functions.  In addition, people are needed with project and programme management experience, business analysis skills, as well as a good grasp of risk management.  These professionals are equally important to a business as those who understand how to hack networks, systems and applications.  And finally it is important to note the value of experience.  New threats constantly emerge, but many fundamental issues remain the same.

We are thankfully seeing more focus on information security skills with increased government investment in Cyber initiatives working with organisations like the CESG and private industry.  Although this will deliver value over time it is not a quick fix, so for the time being information security skills will continue to come at a premium.