peterzayda - stock.adobe.com
Public admires security professionals, but doesn’t want their jobs
(ISC)² research finds attitudes towards security roles are increasingly positive, but not many people fancy joining the fight against cyber crime
The general public feels increasingly positive about and well-disposed towards cyber security professionals, but many are inclined to misunderstand the profession and few feel the world of security would be a fit for them career-wise.
These are the findings of research by certification body (ISC)² ahead of National Cybersecurity Awareness Month in the US and European Cyber Security Month in the European Union (EU) and the UK. (ISC)² polled 2,500 people in the UK and US – none of whom work or have ever worked in security – to form its 2020 Cybersecurity Perception Study.
It found an encouraging shift in perceptions of security professionals, who have traditionally been viewed negatively as roadblocks to increased business efficiency. Just over 70% of respondents said they considered security pros “smart” and “technically skilled”, while 51% described them as “the good guys” in the fight against cyber crime.
Older people identifying as Baby Boomers were more inclined to have a positive view. At the other end of the age spectrum, Generation Z or Zoomers – those born since about 1995 – were more cynical.
However, even with huge numbers of people considering a career change as the Covid-19 pandemic upends lives and working patterns worldwide, and an estimated shortage of almost two million security professionals, the study also found multiple obstacles that, their powers combined, are putting people off a career in security.
“These results show us that while it’s becoming even more highly respected, the cyber security profession is still misunderstood by many, and that’s counterproductive to encouraging more people to pursue this rewarding career,” said Wesley Simpson, chief operating officer at (ISC)².
Wesley Simpson, (ISC)²
For the vast majority of those surveyed (77%), the highest barrier to entry was the fact that cyber security was never offered as part of their formal educational curriculum, making it hard to understand what roles in the sector entail and how to go about getting them. Over half (61%) thought they would either need to go back to school, earn a certification, or teach themselves new skills to pursue a security career.
(ISC)² also identified a widely held belief that cyber security roles require exceptionally advanced IT skills that need time and investment to develop – 32% of respondents said the level of technical knowledge or training needed was too much for them.
Absent of formal cyber security education, people tended to form their perceptions of the cyber security industry through TV shows or movies, or by headline news coverage of major security incidents.
“The reality of the situation – and what we need to do a better job of publicising – is that a truly effective cyber security workforce requires a broad range of professionals who bring different skillsets to their teams,” said Simpson.
“While technical skills are vital for many roles, we also need individuals with varied backgrounds in areas including communications, risk management, legal, regulatory compliance, process development and more, to bring a well-rounded perspective to cyber defence.”
The report sets out three key recommendations for security leaders that may help tempt more people to consider a career in cyber security:
- Widen the appeal of the sector by increasing the focus on non-technical aspects of security roles, like communication skills, problem-solving or creativity.
- Increase outreach into industries where people with security-adjacent experience and skills are likely to be found, or within other departments within the organisation.
- Work alongside educators to build and capture interest in the field at a younger age, creating a stronger pipeline of young talent.
Read more about security skills
- The British education system cannot move fast enough to address the security skills crisis, and in the absence of government action increased reliance on automation may be the least worst solution.
- A successful DevSecOps roll-out requires software developers to be equipped with the proper security skills and tools. Learn how to transition smoothly from DevOps to DevSecOps.
- GCHQ finds the shift to online learning saw an increase in participants for CyberFirst cyber security training programme.