A Good Cyber-Security Pro is Hard to Find

By CIOinsight  |  Posted 11-17-2010

Much has been made about the U.S. government's need to hire more cyber-security professionals. But finding the best way to build that workforce may be difficult.

A new survey from the International Information Systems Security Certification Consortium (ISC)² finds that many of the trending ideas on how to structure the cyber-security workforce do not jibe with the thoughts of those on the frontlines. In a poll of nearly 700 IT security pros, about 75 percent cite "a lack of a defined career path" as a key reason there is a shortage of federal IT security pros, while just under 60 percent cite "a lack of professional development plans."

Some 74 percent of respondents attribute the security weaknesses of infrastructures as being due to inadequately trained staff. Lack of professionals with appropriate skills (68.6 percent) and insufficient funding (63.2 percent) were also popular answers.

Roughly 47 percent of respondents agree that current information security certification programs are serving the need of the U.S. federal government to build a qualified cyber-security workforce. Nearly half (48.3 percent), however, say there is a gap between existing certification programs and the specific cyber-security skills needed in the workplace. Approximately 40 percent say current professional certification programs create a false sense of security, and about 54 percent say "increasing investment in training and certification primarily for technical skills" will not solve America's security problems.

For more, read the eWeek article Cyber-Security Job Development Challenges Highlighted in Survey.