New research conducted by the Centre for Cyber Safety and Education – part of its eighth Global Information Security Workforce Study (GISWS) sponsored by (ISC)² and Booz Allen Hamilton – suggests a serious talent shortage looms in the information security workforce. The survey and analysis, which includes feedback from over 19,000 information security professionals worldwide, indicates that employers must look to millennials to fill the projected 1.8 million information security workforce gap that’s estimated to exist by 2022. This is an increase of 20% from the 1.5 million worker shortfall forecast by the 2015 GISWS.
“For years, we’ve known about the impending shortfall in the information security workforce, as evidenced by our study year after year,” said David Shearer, CEO at (ISC)². “For the first time, we’re taking a deep dive into the millennial respondents, and we’re finding that they want different things in terms of job satisfaction and career paths. They truly are the future of cyber security, and I believe they hold the key to filling the well-publicised information security workforce gap.”
One of the largest studies of the information security profession ever conducted, the 2017 GISWS was carried out from May through until September last year by Frost & Sullivan using a web-based survey.
Since its debut in 2004, the GISWS has provided a complete profile of the information security workforce, with a clear understanding of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression and corporate attitudes towards information security that’s of use to Governments and corporations, hiring managers and information security professionals themselves.
Focus on millennial respondents
The 2017 study features a series of reports and analyses, with the first analysis focused on the millennial respondents. Key takeaways for employers and hiring managers to attract and retain the millennial workforce are numerous. For example, millennials want career development, including sponsorship for mentoring and leadership programmes. They also crave employer-funded professional certifications and association memberships.
Millennial workers are more likely to change employers than other generations. They’re also more likely to aspire to become security consultants than they are to move into managerial roles within an organisation.
They value career development opportunities and are more likely to pay for them if such opportunities are not offered by their employers.
“In many cases, millennials are already critical players who enable the success of our collective cyber defence,” said Angela Messer, Booz Allen Hamilton executive vice-president as well as the firm’s cyber innovation business leader and cyber talent development champion. “To attract, retain and empower these millennials, it’s clear from the Global Information Security Workforce Study that our industry must be innovative not only in its tradecraft, but also in terms of how it actively supports this next generation of information security professionals.”
Supporting and developing cyber security talent
On that note, Richard Horne (cyber security partner at PwC) commented: “Supporting and developing the next generation of cyber security talent is absolutely essential to the future of the industry. At PwC, we’re on track to recruit more than 1,000 technology specialists over the next four years at both graduate and experienced levels. Cyber security hires will be a significant part of this and, in 2017, we’re increasing the number of graduates recruited to meet increasing client demand.”
Horne went on to state: “We believe it’s important to help our graduates experience the many different paths a career in this field could follow by offering a rotation programme around our teams, ranging from threat intelligence and incident detection and response through to security transformation programmes and legal and regulatory compliance. Cyber security roles can often be seen as purely technical in nature, but today’s well-rounded cyber security expert has a diverse skill set, with not only technical knowledge, but also wider business skills like creativity, organisation, relationship-building and communication.”
*The full 2017 GISWS Millennial analysis can be viewed here: https://iamcybersafe.org/research_millennials/