Are we a trade or a profession?

Welcome to the CISO Perspectives Weekly Briefing, where we break down this week’s conversation, providing insights into relevant research and information to help you further understand the topics discussed.

Professionalizing cyber.

Cybersecurity is having a bit of an identity crisis. Is it a profession, a vocation, or a trade? This uncertainty is affecting how new workers and organisations adapt. A 2013 report from the National Academy of Science (NAS) first analysed the state of the cyber industry, noting several key issues regarding the professionalisation of the cyber workforce. Some notable conclusions include:

  • More focus is needed on the capacity and capability of the cyber workforce.
  • Forecasting the needs of the cyber workforce is challenging.
  • Professionalisation varies greatly depending on role and cannot be treated as a single entity.
  • A wide variety of backgrounds and skills are essential for a competent cyber workforce.
  • Professionalisation can happen through multiple routes and has different goals.
  • The path to professionalisation is often slow and difficult.
  • There are both costs and benefits to consider before pursuing professionalisation.

The state of the cyber industry.

In 2022, insights from Sounil Yu, CISO at JupiterOne, highlighted ongoing debates within the industry. Yu argued that the prevailing view treats security practitioners as professionals, which often leads to job requirements favouring candidates with college degrees.

  • Over 86% of the current cyber workforce holds a bachelor’s degree or higher.
  • 70% of job listings for cyber roles during that period required such degrees.
  • Yu believes many roles should be viewed as vocations rather than strictly professional jobs.
  • The ratio of vocational to professional jobs in cyber stands at 1:2, unlike other sectors with a ratio of approximately 4:1.

The ISC2’s latest report from 2024 reinforced these findings, indicating:

  • Current cybersecurity teams lack the necessary skills for their goals.
  • Despite the urgency, employers have reduced hiring efforts and professional development opportunities.
  • 60% of survey respondents acknowledged significant skill gaps affecting organisational security.
  • Paths into cybersecurity are evolving, with an increasing number of older individuals entering the field.
  • Diverse backgrounds contribute to closing talent gaps.
  • AI is playing a dual role, both improving and complicating security efforts.

While the identity issues persist, professionalisation within the cybersecurity field remains a viable solution, offering a path forward for leaders and aspiring talent in the industry.

Source: CISO Perspectives

Key insights

  • Cybersecurity struggles with defining its identity as a profession, trade, or vocation.
  • The NAS report underscores the need for better professionalisation in the cyber workforce.
  • Over-reliance on degrees may exclude capable candidates from cyber roles.
  • Significant skill gaps exist, with industry pressures affecting hiring and professional development.
  • AI advancements may change the landscape of skills needed in cybersecurity.

Why should I read this?

If you’re remotely interested in cybersecurity, this article dives into a critical conversation about the field’s identity crisis. Understanding how these classifications affect job roles and skills can help you navigate your career path in a rapidly evolving industry. Plus, it points out some serious gaps we need to fill ASAP to avoid leaving vital roles unoccupied. We’ve done the reading so you don’t have to!