Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10/22/2018
04:00 PM
Connect Directly
Twitter
RSS
E-Mail
0%
100%

2018 State of Cyber Workforce

Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide.
Previous
1 of 9
Next

The gap in available, skilled talent compared with the demand for cybersecurity skills on the job market continues to widen, according to new cybersecurity workforce numbers put out by (ISC)² out last week.

The study shows a need to fill upward of 3 million cybersecurity positions worldwide – now the No. 1 concern facing security managers today. The release of this report offers a good opening for Dark Reading to revisit the latest statistics from not only (ISC)², but a number of other industry authorities with recent reports on the state of cybersecurity hiring, salaries, training, and more. They come complete with some of the most eye-opening data visualizations to provide an illuminating snapshot on the state of the cyber workforce from a number of different dimensions.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
11/10/2018 | 12:55:49 PM
Re: The HR emperor is naked.
Many good points Joe!

You could add that online job-search/posting services have overwhelmed traditional HR practices.  I suspect most (dis)qualification requirements in postings are just to narrow the number applications to hundreds, rather than tens of thousands - accepting that the best prospects will likely follow the baby with the bath water.

You also have PC pressure to disregard anything that isn't document-based, anything based on an assessment of the person, such as personal integrity or eagerness to learn.  

Prehaps the biggest one is that the idea of testing applicants for role-specific apptitude, and training those that have it, is rare these days (mostly for the reasons we each mentioned).  Much easier, less expensive, and PC safer to view people as a commodity, prepackaged and ready to plug in (even if most of it is poor quality and made overseas).  

BTW, if you didn't take the "emperor" idea from Roger Penrose's "The Emperor's New Mind" Oxford 1989, I suggest you check it out - very prescient.  
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
11/10/2018 | 12:24:46 PM
Eyes opened, but are you seeing the bigger picture?
"Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide."

Cyber-anything is suposed to mean self-regulating automated systems!  How can you have 3 million carbon-based analog workers (let alone a shortfall of that many), in just ONE aspect of the 21st century automated digital-silicon-cyber-world we're supposed to inhabit?  
wperry31
50%
50%
wperry31,
User Rank: Strategist
11/10/2018 | 11:32:16 AM
Re: Workforce
Love Dark Reading.

 

Hate the "jump trhough the hoops" interface to get to where I want to go.  Jeeeeezzzzz.

 

Finally on the this Post I was able to print 9 separate pages......NOT.

 

Why can't you just put the article or what paper in one link?  All of it!  No one goes out to tread page four of a 9 pager.

 

Maybe I'm missing the obvious button, somewhere, that says, "Print out the whole White Paper."

 

On occasion I've been unable to bring up the item what with all of the responses ranging from Yes, No, Register, Already Registered, View....................

 

Did I mention I loved Dark Reading?  That's the only reason I keep re-indexing the site in the land of the confusing interfaces.

 

Bill
Cheeseman
50%
50%
Cheeseman,
User Rank: Apprentice
11/10/2018 | 9:47:54 AM
Re: Sick Of Seeing This Rubbish - Skill Sortage My A-S-
Its because the management refuses to pay for candidates that are qualified in many companies IT has a say and they refuse to pay security folks more that IT folks even though for really great candidates the technical skills are way beyond normal IT folks
Cheeseman
50%
50%
Cheeseman,
User Rank: Apprentice
11/10/2018 | 9:45:46 AM
Re: Workforce in General
Agreed had a manager tell me they could offshore the security department jobs for $8/hr. That's the problem you get what you pay for and they are not willing to pay for the best candidates
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
11/2/2018 | 3:12:38 PM
Re: Workforce in General
Why would ANYONE pick a career in IT when all the C-Suite does is fire staff and outsource to third world countries,  Cyber security may have proection, for now, but still our field has been decimaed by low cost wage and low skill individuals.  I am not referring to India directly but in general, we have been ruined.   H1-B visa abuse IS REAL.  
CyberMark
86%
14%
CyberMark,
User Rank: Strategist
11/1/2018 | 2:39:47 PM
Sick Of Seeing This Rubbish - Skill Sortage My A-S-
Skill Shortage, to the author of this article if you'd have searched the DarkReading database you would have seen these articles of skill shortage have been published and rubbished in the past. I have a master's degree in cyber security and can't even get an interview and I know others in exactly the same situation. So please forward my contact details to all the businesses you did your research with, I will look forward too many interviews.
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
10/31/2018 | 11:33:37 PM
The HR emperor is naked.
I've said it before and I will continue to say it. The talent shortage in cybersecurity is horse dung. You'd have a "talent shortage" too if you were only willing to offer people 1/3 or less of what their skills are actually worth. You'd have a "talent shortage" too if you were using arcane HR hiring processes designed to weed talent out instead of find talent. You'd have a "talent shortage" too if you drafted job descriptions for purple squirrels.

Not to mention the fact that there is a perverse incentive in the US to "suffer" from these "talent shortages" -- because then you get to document it and then hire much cheaper labor from overseas by abusing H1B and L1 visa programs.

Organizations who complain of this shortage have no one to blame but themselves and their HR departments. The cybersecurity talent shortage would be largely solved inside of a month if every org purporting to suffer from it laid off all their HR people and reassigned HR duties to different departments who are much better equipped to handle those tasks (compliance/legal/ethics/ERISA stuff to corporate counsel, payroll to AP, hiring to the hiring managers/departments themselves with a CFO's-office assist, etc.).
stevenpaul
50%
50%
stevenpaul,
User Rank: Author
10/30/2018 | 7:13:15 PM
Workforce
Very interesting article on cyber workforce status!
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...