Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10/22/2018
04:00 PM
Connect Directly
Twitter
RSS
E-Mail
0%
100%

2018 State of Cyber Workforce

Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide.
Previous
1 of 9
Next

Image Source: Adobe (taa22)

Image Source: Adobe (taa22)

The gap in available, skilled talent compared with the demand for cybersecurity skills on the job market continues to widen, according to new cybersecurity workforce numbers put out by (ISC)² out last week.

The study shows a need to fill upward of 3 million cybersecurity positions worldwide – now the No. 1 concern facing security managers today. The release of this report offers a good opening for Dark Reading to revisit the latest statistics from not only (ISC)², but a number of other industry authorities with recent reports on the state of cybersecurity hiring, salaries, training, and more. They come complete with some of the most eye-opening data visualizations to provide an illuminating snapshot on the state of the cyber workforce from a number of different dimensions.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
11/10/2018 | 12:55:49 PM
Re: The HR emperor is naked.
Many good points Joe!

You could add that online job-search/posting services have overwhelmed traditional HR practices.  I suspect most (dis)qualification requirements in postings are just to narrow the number applications to hundreds, rather than tens of thousands - accepting that the best prospects will likely follow the baby with the bath water.

You also have PC pressure to disregard anything that isn't document-based, anything based on an assessment of the person, such as personal integrity or eagerness to learn.  

Prehaps the biggest one is that the idea of testing applicants for role-specific apptitude, and training those that have it, is rare these days (mostly for the reasons we each mentioned).  Much easier, less expensive, and PC safer to view people as a commodity, prepackaged and ready to plug in (even if most of it is poor quality and made overseas).  

BTW, if you didn't take the "emperor" idea from Roger Penrose's "The Emperor's New Mind" Oxford 1989, I suggest you check it out - very prescient.  
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
11/10/2018 | 12:24:46 PM
Eyes opened, but are you seeing the bigger picture?
"Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide."

Cyber-anything is suposed to mean self-regulating automated systems!  How can you have 3 million carbon-based analog workers (let alone a shortfall of that many), in just ONE aspect of the 21st century automated digital-silicon-cyber-world we're supposed to inhabit?  
wperry31
50%
50%
wperry31,
User Rank: Strategist
11/10/2018 | 11:32:16 AM
Re: Workforce
Love Dark Reading.

 

Hate the "jump trhough the hoops" interface to get to where I want to go.  Jeeeeezzzzz.

 

Finally on the this Post I was able to print 9 separate pages......NOT.

 

Why can't you just put the article or what paper in one link?  All of it!  No one goes out to tread page four of a 9 pager.

 

Maybe I'm missing the obvious button, somewhere, that says, "Print out the whole White Paper."

 

On occasion I've been unable to bring up the item what with all of the responses ranging from Yes, No, Register, Already Registered, View....................

 

Did I mention I loved Dark Reading?  That's the only reason I keep re-indexing the site in the land of the confusing interfaces.

 

Bill
Cheeseman
50%
50%
Cheeseman,
User Rank: Apprentice
11/10/2018 | 9:47:54 AM
Re: Sick Of Seeing This Rubbish - Skill Sortage My A-S-
Its because the management refuses to pay for candidates that are qualified in many companies IT has a say and they refuse to pay security folks more that IT folks even though for really great candidates the technical skills are way beyond normal IT folks
Cheeseman
50%
50%
Cheeseman,
User Rank: Apprentice
11/10/2018 | 9:45:46 AM
Re: Workforce in General
Agreed had a manager tell me they could offshore the security department jobs for $8/hr. That's the problem you get what you pay for and they are not willing to pay for the best candidates
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
11/2/2018 | 3:12:38 PM
Re: Workforce in General
Why would ANYONE pick a career in IT when all the C-Suite does is fire staff and outsource to third world countries,  Cyber security may have proection, for now, but still our field has been decimaed by low cost wage and low skill individuals.  I am not referring to India directly but in general, we have been ruined.   H1-B visa abuse IS REAL.  
CyberMark
86%
14%
CyberMark,
User Rank: Strategist
11/1/2018 | 2:39:47 PM
Sick Of Seeing This Rubbish - Skill Sortage My A-S-
Skill Shortage, to the author of this article if you'd have searched the DarkReading database you would have seen these articles of skill shortage have been published and rubbished in the past. I have a master's degree in cyber security and can't even get an interview and I know others in exactly the same situation. So please forward my contact details to all the businesses you did your research with, I will look forward too many interviews.
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
10/31/2018 | 11:33:37 PM
The HR emperor is naked.
I've said it before and I will continue to say it. The talent shortage in cybersecurity is horse dung. You'd have a "talent shortage" too if you were only willing to offer people 1/3 or less of what their skills are actually worth. You'd have a "talent shortage" too if you were using arcane HR hiring processes designed to weed talent out instead of find talent. You'd have a "talent shortage" too if you drafted job descriptions for purple squirrels.

Not to mention the fact that there is a perverse incentive in the US to "suffer" from these "talent shortages" -- because then you get to document it and then hire much cheaper labor from overseas by abusing H1B and L1 visa programs.

Organizations who complain of this shortage have no one to blame but themselves and their HR departments. The cybersecurity talent shortage would be largely solved inside of a month if every org purporting to suffer from it laid off all their HR people and reassigned HR duties to different departments who are much better equipped to handle those tasks (compliance/legal/ethics/ERISA stuff to corporate counsel, payroll to AP, hiring to the hiring managers/departments themselves with a CFO's-office assist, etc.).
stevenpaul
50%
50%
stevenpaul,
User Rank: Author
10/30/2018 | 7:13:15 PM
Workforce
Very interesting article on cyber workforce status!
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...