Status of the Industry: 2015 Global Information Security Workforce Study

Similar documents
The 2015 (ISC)2 Global Information Security Workforce Study

The 2015 (ISC)2 Global Information Security Workforce Study

Italian Enterprises Adopt Big Data Solutions. Forrester Consulting

IT Workforce snapshot

Analysis of the Latin American Information Technology (IT) Infrastructure Outsourcing Services Market Maturity of the Latin American Market Drives

IT Workforce snapshot

Healthcare Privacy and Security: Workforce Competency. #privacysummit. Sean Murphy CISSP, ISSMP, HCISPP March 7, 2014

Strategic Progress Update July 2014 March 2015

"World Quality Report: Trends in Technology, Organization and Outsourcing"

SURVEY FINDINGS. Executive Summary. Introduction Budgets and Spending Salaries and Skills Areas of Impact Workforce Expectations

Cloud ROI Survey Results Comparison 2011 & 2012

State of IT Skills Gap

Outsourcing HR: Advantages for Small Businesses

Survey of more than 1,500 Auditors Concludes that Audit Professionals are Not Maximizing Use of Available Audit Technology

Remote Collaboration Solutions In the Financial Services Industry

CEO Survey 2013 Hungary. respondents

Employment Outlook and Salary Guide 2011/12

Commonwealth Bank Legal Market Pulse report

Address C-level Cybersecurity issues to enable and secure Digital transformation

Analysis of the SSL Certificate Market Balancing Certificate Growth with Declining Revenue Growth Rates and Trust. Global

ESI ANNUAL SALARY SURVEY

Accountancy & Finance Salary Guide

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Cybersecurity in the States 2012: Priorities, Issues and Trends

Cybersecurity: Mission integration to protect your assets

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

LONG-RANGE STRATEGIC PLAN SUPERIOR COURT OF CALIFORNIA COUNTY OF EL DORADO

Close The Gaps Left By Traditional Vulnerability Management Through Continuous Monitoring Organizations Find Real Value With Continuous Monitoring

Cost Reduction & Engagement Survey

Security Solutions in the Aerospace/Defense Industry A Pinkerton Government Services White Paper

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.

HOW CANDIDATE EXPERIENCE IS TRANSFORMING HR TECHNOLOGY

Recruiting Recovery Finding Hidden Budget Dollars in Optimized Recruiting Practices

Talent 2020: Surveying the talent paradox from the employee perspective The view from the Health Care sector

HOW TO ADDRESS THE CURRENT IT SECURITY SKILLS SHORTAGE

Developing a Mature Security Operations Center

States at Risk: Cyber Threat Sophistication, Inadequate Budget and Talent

2014 CYBER INDUSTRY SURVEY

How To Win In The Human Age

management strategies

The global call center industry: What challenges? What solutions?

Workforce Planning Benefits

State of Compliance 2014 Healthcare provider industry brief

Department of Human Resources

Best Practices in IT Support Systems IMPROVING HELP DESK PERFORMANCE AND SUPPORT

NASSCOM Cyber Security Task Force Working Group Discussion Slides. June 10, 2015

Security Technology Vision 2016: Empowering Your Cyber Defenders to Enable Digital Trust Executive Summary

Cybersecurity Skills Shortage: A State of Emergency

How To Be A Successful Cio

2011 Latin American Network Security Markets. N July 2011

W H I T E P A P E R C l i m a t e C h a n g e : C l o u d ' s I m p a c t o n I T O r g a n i z a t i o n s a n d S t a f f i n g

How To Understand The Benefits Of Mobility In An Enterprise

CHIEF INNOVATION OFFICER AUSTRALIA SUMMIT REPORT

Information Security Workforce Development Matrix Initiative. FISSEA 23 rd Annual Conference March 23, 2010

Odgers Berndtson Board Survey. Among CEOs in Denmark s largest corporations

Cybersecurity Credentials Collaborative (C3) cybersecuritycc.org

Baby Boomer Workforce Cliff

Total National Boston Charlotte Seattle Yes 72% 78% 60% 59% 71% No 27% 22% 38% 41% 28% Don t know / refused % 1% 1%

UX Professionals Salary Survey

Transcription:

SESSION ID: PROF-M01 Status of the Industry: 2015 Global Information Security Workforce Study MODERATOR: Julie Peeler Foundation Director (ISC)2 PANELISTS: Cheri Caddy Director for Cybersecurity Policy Outreach and Integration The White House Angela Messer Executive Vice President Booz Allen Hamilton Frank Dickson Research Director Frost & Sullivan @fdickson777 Elise Yacobellis Director of Global Development (ISC)² @yacsplace

Large Longitudinal Effort Global Information Security Workforce Study Respondents 13,930 12,396 10,413 2011 2013 2015

Diverse Respondent Representation Respondents by Region Respondents by Job Titles ROW C-Levels & Executives Asia Europe North America Security Analysts & All Other Job Titles Architects, Strategists, & Strategic Advisors Managers Auditors 3

Diverse Company Representation Respondents by Company Size (Number of Employees) Respondents by Industry Vertical Gov't Non- Defense Banking, Insurance & Finance Gov't Defense 10,000 or more 1 to 499 500-2,499 2,500-9,999 Other Private Enterprise Manufacturing Telecom & Media Healthcare Personal & Professional Services Information Technology 4

Let s talk about why you are here: Study Shows Salaries Increasing! $200,000 $180,000 $160,000 $140,000 $120,000 $100,000 $80,000 $60,000 $40,000 $20,000 US-Based Security Analysts in Private Sector (ISC)2 Members with CISSP Certification $0 $93,027 $94,316 $99,759 1.4% 2011 2013 2015 Average Annual Salary 5.8% Survey-over-Survey 7% 6% 5% 4% 3% 2% 1% 0% $200,000 $180,000 $160,000 $140,000 $120,000 $100,000 $80,000 $60,000 $40,000 $20,000 US-Based Security Analysts in Private Sector Non-Members without CISSP Certification $0 $76,402 $76,957 $81,301 0.7% 2011 2013 2015 Average Annual Salary 5.6% Survey-over-Survey 7% 6% 5% 4% 3% 2% 1% 0% 5

Key Themes of the 2015 Study Security Concerns Continue to Escalate Application Vulnerability Concerns Unmatched by Remediation Efforts Security Readiness Stuck in Neutral Even though we are spending more money Sprawl in Security Technologies is a Material Concern Growing importance of managed or outsourced security services Cloud adoption is no longer a question of if, but how much.

The Workforce Shortage What we can see... And, what lies beneath 7

What is a Shortage? Scarcity in a Free Market Price Surplus Supply P H P E P B Shortage Demand Q E Quantity 8

What is Shortage? Shortage in an Imperfect Market Price Supply Demand New Demand Curve Quantity 9

Workforce Shortage Indicators Churn Did you change your employer or employment status in 2014? (Percent of Survey Respondents) No change in employer or employment status in 2014 81% Yes, changed employer while still employed 14% Yes, changed employer due to a layoff or termination 3% Yes, became selfemployed 2% Across the 2011, 2013 and 2015 surveys, churn of nearly 20% is the highest that has been seen.

Workforce Shortage Indicators Churn Despite High Satisfaction Overall, how satisfied are you in your current position? (Percent of Survey Respondents) Very satisfied Somewhat satisfied Neither satisfied nor dissatisfied Somewhat dissatisfied Very dissatisfied Prefer not to answer 3% 2% 9% 11% 30% 46%

Workforce Shortage Indicators Increasing Compensation $200,000 $180,000 $160,000 $140,000 $120,000 $100,000 $80,000 $60,000 $40,000 $20,000 $0 US-Based Security Analysts in Private Sector (ISC)2 Members with CISSP Certification $93,027 $94,316 $99,759 1.4% 2011 2013 2015 5.8% 7% 6% 5% 4% 3% 2% 1% 0% Average Annual Salary Survey-over-Survey

Workforce Shortage Indicators Increasing Compensation 2015 Salary Distribution for All Security Professionals Americas Developing Countries 2013 Salary Distribution for All Security Professionals Americas Developing Countries Less than US$40,000, 33% Less than US$40,000, 46% 13

Workforce Shortage Indicators Staffing Perceptions Would you say that your organization currently has the right number of information security workers, too few, or too many? Too few 55.9% 62.2% The right number 32.3% 26.4% Don't know 9.9% 9.5% Too many 1.9% 1.9% 2013 2015 14

Workforce Shortage Indicators Staffing Plans Insufficient to Meet Need Would you say that your organization currently has the right number of information security workers, too few, or too many? Don't know 9.5% Too many 1.9% The right number 26.4% Over the next 12 months, do you expect the number of information security professionals in your organization to increase, decrease or remain the same? Don't know 2.5% Decrease 3.1% Stay the same 42.2% Increase 52.1% Too few 62.2% 15

Workforce Shortage Indicators Reasons Why Too Few Information Security Workers (Percent of survey respondents) Business conditions can't support additional personnel at this time 57% It is difficult to find the qualified personnel we require 37% Leadership in our organization has insufficient understanding of the requirement for information security 45% Other 5% 2013

Workforce Shortage Indicators Difficulties in Locating Qualified Personnel Reasons Why Too Few Information Security Workers (Percent of survey respondents) Business conditions can't support additional personnel at this time 45% 57% It is difficult to find the qualified personnel we require Leadership in our organization has insufficient understanding of the requirement for information security Other 5% 5% 2013 2015 37% 45% 45% 43% 20% difference Surveyover-Survey

Projected Information Security Workers Globally Workforce Size Estimate and Projection 7,000,000 6,000,000 Workforce Shortage Top Line: Demand-meeting Projection 5,000,000 4,000,000 3,000,000 Middle Line: Security Professionals Hiring Projection 2,000,000 1,000,000 Bottom Line: Supply-Constrained Projection 0 2014 2015 2016 2017 2018 2019

Workforce Shortage Effects What is the impact of your organization's shortage of information security workers on each of the following? (Selected as Top 2 on a 5-point Very Great Impact-to-No Impact at All Scale) On the existing information security 71% On the organization as a whole 59% On security breaches On customers 50% 48%

Workforce Shortage Effects Security professional efficiency & Outsourcing Technology leverage to reduce security professional workload Pushing security tasks to IT professionals, a force multiplier What you can see What you can t see Security tasks are getting left undone or performed sub-optimally 20

Question At what point do we stop using the term shortage and we use the word crisis instead?

Visit (ISC) 2 booth 108/109 for your copy of the report or www.isc2cares.org to download 22