In a view from inside the security operations center, technical knowledge about forensics, threat intelligence, and malware are more critical workplace deficits than diversity, according to a recent Dark Reading online flash poll.
Our poll, which took a deep dive into the current security talent gap, asked the Dark Reading community to identify three security skills or traits that are most lacking in their SOCs. The results, depicted in the graph below, show a concern among respondents about their ability to stay on top of the latest attack trends, defenses, and technologies.
Among the top five responses, communication, in fourth place, was the only skill outside the realm of basic infosec that respondents identified from a list of 10; the list also included characteristics like professional certifications, general business experience, and workplace diversity.
It’s interesting to note that diversity (or lack thereof) came up dead last in the poll, which, to put it in a positive light, is probably a pretty accurate depiction of the composition of most information technology departments today rather than the basis for a discrimination claim or a knock on the security community’s commitment to equal opportunity.
At Google, for instance, a recently released diversity report detailing its current workplace demographics showed that among tech employees, the breakdown was 83 percent men and 60 percent white. “We’re not where we want to be,” observed Laszlo Bock, Google’s Senior Vice President, People Operations. That's a sentiment that's hard to dispute.
Not surprisingly, professional certifications came up eighth on the list, which seems to me less a comment on the enduring argument over the value of a security credential than an indication that certs like CISSP are already in abundance on the resumés of Dark Reading security teams.
Respondents also gave short shrift to the idea that it’s important for security teams to have a working knowledge of their industry or experience managing vendors.
For our next poll, we are looking for input for calculating a CEO risk management report card. If you were assessing your chief exec on his or her commitment to better cyber security and lower risk, what grade would you give? The criteria:
- Grade A: It's a top priority -- we've got all the right tools, budget, and staff
- Grade B: We're moving in the right direction, but we lack critical tools
- Grade C: We're meeting the minimum compliance requirements, but barely
- Grade D: We're flying blind -- our tools are outdated and our team needs more support and training
- Grade F: Epic fail -- we're an open target for attack
Click here to grade your CEO. And, as always, be sure to share your thoughts in the comments.