Careers & People

7/8/2017
10:46 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
100%
0%

Desperately Seeking Security: 6 Skills Most In Demand

When people say there's a security skills gap, this is what they really mean.
Previous
1 of 7
Next


Image Source: Adobe Stock

Image Source: Adobe Stock

The last several years have seen a slew of reports coming out lamenting the typical enterprise's ability to recruit and retain quality cybersecurity talent.

Earlier this year, ISACA's Cybersecurity Nexus survey found that more than one in four organizations take six months or longer to fill priority cybersecurity positions. Respondents to the survey said that 40% of organizations report receiving fewer than five applications for cybersecurity positions. And if things keep going the way they're already headed, the problem is only going to get worse. According to the 2017 (ISC)2 Global Information Security Workforce Study conducted by Frost & Sullivan, by 2022 there will be a global shortfall of cybersecurity workers of 1.8 million people.

At the same time, the pain is not necessarily a singular problem; a lot of the issue comes down to the fact that there aren't enough candidates with the right combination of specialized skills to fight the security problem at any given moment. It's a moving target that changes day-by-day.

"There’s definitely a talent shortage of quality information security professionals who are capable of solving emerging problems," says Lee Kushner, president of cybersecurity recruiting firm LJ Kushner & Associates. "It’s not a shortage of general skill or average skill, it’s a shortage of skills that can help companies solve their problems."

As the industry starts to look at the problem, it'd best start putting a finer point on the types of skills most in demand rather than fixating on one overarching security deficiency.

"The problem is more granular than 'look at all the open jobs,'" says Mike Viscuso, CTO and co-founder of Carbon Black.

According to the most recent research, the following specialties and skills are the ones that hiring managers are having the hardest time plugging into their teams.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
No SOPA
50%
50%
No SOPA,
User Rank: Ninja
7/31/2017 | 2:24:10 PM
Re: I don't buy young and cheap
To humbly disagree, "old and expensive" is a different skill set than "young and cheap".  Those who define and manage process still need those who can tear that process to the ground and force you to refine and release to stay on top of current trends.  Spend some time on the bug bounty sites and read how much detail goes into some of these bug reports written by the "young" who often take these bounties for the challenge alone; it's a crime how little some of the bounties are, yet still these young and cheap hackers are dancing circles around the over-paid CISOs who sometimes have no place on a security team.
TomC764
100%
0%
TomC764,
User Rank: Apprentice
7/19/2017 | 3:21:52 PM
I don't buy young and cheap
I am old and expensive. The main reason that I get gigs is business knowledge. Youngg and cheap are focused on buying more toys. My focus is on cost effective solutions that don't kill the profit of various business. I mostly doo risk assessments and rdidk management not CISSP type work. Those people are young aand cheap AND easily replaceable.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
7/14/2017 | 3:03:10 PM
Forgetting a couple
A couple items were missing from the slideshow.

"Young" and "cheap".

That's the real "talent shortage" in InfoSec and the tech sector right there, IMHO, based upon what I'm seeing.
mulhearnf
67%
33%
mulhearnf,
User Rank: Apprentice
7/13/2017 | 5:36:42 AM
The lack of skilled people, and the retention thereof.
As long as executives, continue to spend more money on coffee machines, than on security, the problem will continue, and get worse.

To get skilled people, you need to pay them enough, and treat them well.
afarngalo221
100%
0%
afarngalo221,
User Rank: Apprentice
7/11/2017 | 1:59:10 PM
Very good article
This is a very good article and it does highlight the overarching issues with the skills and experiences in the cyber security space.

 

As a recruiter for Navy Federal Credit Union, check out www.navyfederal.org.

 

Thanks,

Agatha
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
[Sponsored Content] The State of Encryption and How to Improve It
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19790
PUBLISHED: 2018-12-18
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...
CVE-2018-19829
PUBLISHED: 2018-12-18
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVE-2018-16884
PUBLISHED: 2018-12-18
A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause a host kernel memory corruption and a system ...
CVE-2018-17777
PUBLISHED: 2018-12-18
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have acc...
CVE-2018-18921
PUBLISHED: 2018-12-18
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.