How Secure Is the Cyber-Security Profession?
With cyber-breaches and cyber-security in the news on a daily basis—and demand for security experts on the rise—one would think that the field would deliver a robust career path. However, according to an October 2016 report from the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG), "The State of Cyber-Security Professional Careers," this simply isn't the case. The two organizations polled 437 information security professionals located in all regions of the world and found that industry rhetoric doesn't necessarily match reality. Many cyber-security pros aren't sure how to proceed with their career path; many aren't receiving the training they desire or need; relationships between business, IT and security teams are lacking; and too many organizations accept "good enough" rather than very good security. Moreover, many organizations are using a broken model. Among other things, many security executives are not getting enough face time in the boardroom—a significant factor that contributes to turnover. And organizations are struggling with internal relationships among the cyber-security, line of business and IT teams. Here's a look at some of the key findings from the report, along with how these factors are affecting security careers.