One common theme resonating across the information security industry is a distinct lack of trained security professionals. While there certainly is not a lack of interest in the career field, many organizations are beginning to take security very seriously. As a result, the experience and education they require from job applicants are extensive. More universities are finally offering degrees specializing in cyber security in order to help feed this growing hunger for security knowledge. The University of Texas at San Antonio is one such school, which now offers an entirely online bachelor’s degree in cyber security.
The issue causing this shortage is two-fold. On one hand, information and data security has not been taken very seriously over the past couple decades. This has initiated the shortage by relying on information technology professionals to handle security of their systems without having dedicated security professionals instead. This means there has been very little incentive for high school graduates to consider careers in information security, and the ones that have gone into information technology likely were educated more on software development and networking with little to no consideration for security. This lack of incentive has led to a saturated market of information technology and software development professionals, but very few that fully understand security.
The second part of the problem is the knee-jerk reaction of the job market. Considering the importance of security to many organizations, especially financial institutions and healthcare organizations, the experience and education requirements employers are looking for are stringent. Doing a quick job search for data, information, or application security openings on any job search site reveals that most positions are requiring at least five years of experience, an undergraduate degree, and many require certifications like the CISSP that alone require at least five years of full time job experience in the information security industry. What we have as a result is both a lack of security professionals as well as very few entry-level positions in security to help budding security professionals grow.
With so few qualified candidates and so many organizations now looking to hire dedicated security professionals, many businesses are turning to a solution that has existed for some time. Security consultant firms have certainly been around for a while, and not just for information security. However, these firms have more to do with occasional audits and recommendations and have traditionally offered less help with the day-to-day operations of the organizations the serve. This is where things are beginning to change.
A perfect example is a set of services provided by CynergisTek in their managed services category. The two main services they provide are their Managed Privacy Monitoring Service and Vendor Security Management. This is an interesting development that could have a profound effect on the information security industry if other companies adopt similar service offerings.
Just as many cloud hosting services are now scooping up the business of organizations that want to do away with the upkeep of maintaining their own servers and internal networks, security consulting firms could change course and offer managed services that would eliminate the need for organizations to hire dedicated security professionals. This could also pave the way for opening more entry-level positions for up-and-coming security professionals as these consulting firms grow and offer the tutelage of their senior employees.
With a growing number of internet-based companies, services, and technologies there is no end in sight to the equal growth in demand for security professionals. This is a job market that will likely continue to be malnourished for years to come. If companies like CynergisTek can continue to adapt and offer managed services, the pressure could be alleviated. This could end up being the solution to the glaring lack of professionals that the information security industry has been looking for.