The most sought-after quality in security hiring today is strategic knowledge versus technical know-how, a global workforce study says.
In recent years, CISOs have succeeded in getting more boardroom buy-in for security tools and staff. According to (ISC)2's most recent Global Information Security Workforce Study, two-thirds of C-level managers believe their security departments are too small. Employers are interested in expanding their security staff, but they can't find people to fill the positions.
According to the study, the most sought-after quality is a broad knowledge of security -- more of a strategic understanding than technical know-how -- followed by certifications. This is a tricky combination. Individual technical certifications don't provide a broad understanding of security strategy, and CISSP certifications are only given to people who already have five years of experience working as a security professional.
"There really aren't many entry-level positions in security in the same way there are in other industries," says Julie Peeler, head of the (ISC)2 Foundation. "What we really need is people who have experience beyond the one piece of technology. More than just a Cisco server, they need to know how servers work, and how servers link to each other. They need to understand the strategy and engineering behind a server. They don't make those in college."
Peeler says that the entire security industry is moving away from the super-techie with the IT degree.
"Because of the rise of the security analyst -- someone who can take a lot of disparate information and cull the truth out of it -- companies are looking at people with liberal arts backgrounds -- necessarily non-technical backgrounds," says Peeler. "A lot of these analytical skills are hard to teach."
The trouble then is, if the people we want in IT jobs do not have IT backgrounds, how can we coax them to apply?
Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.