RSA conducted a survey with the assistance of ISACA to help determine the current state of cybersecurity and what the implications for the future will be. First, Jennifer Lawinski from RSA provided information on the top topics for this year’s conference. There were 10 common phrases used in RSA speaking submissions for 2016:
After discussing a few of these topics briefly, Ron Hale, chief knowledge officer for ISACA, provided the results of the survey. Here are some of the findings:
There were a number of other statistics provided, but these were the most interesting. If you want to see the full presentation, you can do so here: https://www.rsaconference.com/events/us16/agenda/sessions/2741/state-of-cybersecurity-2016-findings-and
Another area that this survey covered was the security skills gap. According to the report, it takes 53.7% of companies between three and six months to fill a position. This is in part because they are looking for employees who do not require any training. In the past (and this is true in almost all industries), companies expected to train employees and for it to take several months to get them up to speed after they were hired. This was even the case with highly educated employees. Some training was always required. But now, employees are expected to already have the knowledge needed to perform. I wonder if instead of taking three to six months to find an employee, would it better to have more lax job requirements, hire quickly and then use that three to six months on training?
The survey also listed the skills that are generally required
With such a heavy emphasis on business and communication skills, I also wonder if it would be more efficient to hire business experts who can speak the language of business and understand business needs and train them on the technical side. I suppose it depends which training is more difficult. I think that having the ability to communicate well and think strategically is more difficult than technical skills. Those are almost innate personality attributes that are hard to teach. There are people who are more technically inclined, but for the most part, people can learn technology if they want to.
Closing the skills gap is going to be a major challenge for the security industry, which is why it is necessary for us to open the doors to demographics that were traditionally discouraged from going into security and technology.