Vulnerabilities / Threats

10/22/2018
04:00 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
0%
100%

2018 State of Cyber Workforce

Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide.
Previous
1 of 9
Next

Image Source: Adobe (taa22)

Image Source: Adobe (taa22)

The gap in available, skilled talent compared with the demand for cybersecurity skills on the job market continues to widen, according to new cybersecurity workforce numbers put out by (ISC)² out last week.

The study shows a need to fill upward of 3 million cybersecurity positions worldwide – now the No. 1 concern facing security managers today. The release of this report offers a good opening for Dark Reading to revisit the latest statistics from not only (ISC)², but a number of other industry authorities with recent reports on the state of cybersecurity hiring, salaries, training, and more. They come complete with some of the most eye-opening data visualizations to provide an illuminating snapshot on the state of the cyber workforce from a number of different dimensions.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
11/10/2018 | 12:55:49 PM
Re: The HR emperor is naked.
Many good points Joe!

You could add that online job-search/posting services have overwhelmed traditional HR practices.  I suspect most (dis)qualification requirements in postings are just to narrow the number applications to hundreds, rather than tens of thousands - accepting that the best prospects will likely follow the baby with the bath water.

You also have PC pressure to disregard anything that isn't document-based, anything based on an assessment of the person, such as personal integrity or eagerness to learn.  

Prehaps the biggest one is that the idea of testing applicants for role-specific apptitude, and training those that have it, is rare these days (mostly for the reasons we each mentioned).  Much easier, less expensive, and PC safer to view people as a commodity, prepackaged and ready to plug in (even if most of it is poor quality and made overseas).  

BTW, if you didn't take the "emperor" idea from Roger Penrose's "The Emperor's New Mind" Oxford 1989, I suggest you check it out - very prescient.  
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
11/10/2018 | 12:24:46 PM
Eyes opened, but are you seeing the bigger picture?
"Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide."

Cyber-anything is suposed to mean self-regulating automated systems!  How can you have 3 million carbon-based analog workers (let alone a shortfall of that many), in just ONE aspect of the 21st century automated digital-silicon-cyber-world we're supposed to inhabit?  
wperry31
50%
50%
wperry31,
User Rank: Apprentice
11/10/2018 | 11:32:16 AM
Re: Workforce
Love Dark Reading.

 

Hate the "jump trhough the hoops" interface to get to where I want to go.  Jeeeeezzzzz.

 

Finally on the this Post I was able to print 9 separate pages......NOT.

 

Why can't you just put the article or what paper in one link?  All of it!  No one goes out to tread page four of a 9 pager.

 

Maybe I'm missing the obvious button, somewhere, that says, "Print out the whole White Paper."

 

On occasion I've been unable to bring up the item what with all of the responses ranging from Yes, No, Register, Already Registered, View....................

 

Did I mention I loved Dark Reading?  That's the only reason I keep re-indexing the site in the land of the confusing interfaces.

 

Bill
Cheeseman
50%
50%
Cheeseman,
User Rank: Apprentice
11/10/2018 | 9:47:54 AM
Re: Sick Of Seeing This Rubbish - Skill Sortage My A-S-
Its because the management refuses to pay for candidates that are qualified in many companies IT has a say and they refuse to pay security folks more that IT folks even though for really great candidates the technical skills are way beyond normal IT folks
Cheeseman
50%
50%
Cheeseman,
User Rank: Apprentice
11/10/2018 | 9:45:46 AM
Re: Workforce in General
Agreed had a manager tell me they could offshore the security department jobs for $8/hr. That's the problem you get what you pay for and they are not willing to pay for the best candidates
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
11/2/2018 | 3:12:38 PM
Re: Workforce in General
Why would ANYONE pick a career in IT when all the C-Suite does is fire staff and outsource to third world countries,  Cyber security may have proection, for now, but still our field has been decimaed by low cost wage and low skill individuals.  I am not referring to India directly but in general, we have been ruined.   H1-B visa abuse IS REAL.  
CyberMark
83%
17%
CyberMark,
User Rank: Strategist
11/1/2018 | 2:39:47 PM
Sick Of Seeing This Rubbish - Skill Sortage My A-S-
Skill Shortage, to the author of this article if you'd have searched the DarkReading database you would have seen these articles of skill shortage have been published and rubbished in the past. I have a master's degree in cyber security and can't even get an interview and I know others in exactly the same situation. So please forward my contact details to all the businesses you did your research with, I will look forward too many interviews.
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
10/31/2018 | 11:33:37 PM
The HR emperor is naked.
I've said it before and I will continue to say it. The talent shortage in cybersecurity is horse dung. You'd have a "talent shortage" too if you were only willing to offer people 1/3 or less of what their skills are actually worth. You'd have a "talent shortage" too if you were using arcane HR hiring processes designed to weed talent out instead of find talent. You'd have a "talent shortage" too if you drafted job descriptions for purple squirrels.

Not to mention the fact that there is a perverse incentive in the US to "suffer" from these "talent shortages" -- because then you get to document it and then hire much cheaper labor from overseas by abusing H1B and L1 visa programs.

Organizations who complain of this shortage have no one to blame but themselves and their HR departments. The cybersecurity talent shortage would be largely solved inside of a month if every org purporting to suffer from it laid off all their HR people and reassigned HR duties to different departments who are much better equipped to handle those tasks (compliance/legal/ethics/ERISA stuff to corporate counsel, payroll to AP, hiring to the hiring managers/departments themselves with a CFO's-office assist, etc.).
stevenpaul
50%
50%
stevenpaul,
User Rank: Author
10/30/2018 | 7:13:15 PM
Workforce
Very interesting article on cyber workforce status!
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19349
PUBLISHED: 2018-11-17
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
CVE-2018-19350
PUBLISHED: 2018-11-17
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
CVE-2018-19341
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader...
CVE-2018-19342
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x00000000...
CVE-2018-19343
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faul...