Information Security Workforce to Reach 2.8 Million
The International Information Systems Security Certification Consortium (ISC)2, a nonprofit organization that educates, qualifies and certifies information security professionals around the world, and global industry analyst firm IDC project that the numbers of the global IT security workforce will swell to 2.1 million by 2008, according to a recent study conducted by both organizations. If realized, this would be an increase of more than 60 percent from the current total of 1.3 million information security professionals.
“Wireless, data storage, voice over IP—some of those emerging areas—all have security implications for the organization that need to be addressed,” said Allan Carey, program manager at IDC. “Security is not a static environment. If you’ve watched the threat environment and all the statistics that come out on a regular basis, the situation is not abating. In fact, the threat environment continues to evolve and become more harmful all the time.”
Carey said that an interesting finding of the study was the diversity of the information security field, in terms of the industries in which information security professionals work, the kinds of business that hire them and the backgrounds of respondents themselves. The majority of those who replied had a bachelor’s degree or higher; had an average of 13 years of general IT experience, as well as between eight and nine years of security experience; held at least one vendor-neutral certification; and held at least one vendor-specific credential.
“We always think that information security professionals are employed by only large organizations, those that have large IT staffs,” said Carey, but added that nearly 30 percent of respondents came from firms with less than 1,000 employees. “What that indicates to me is that information security is no longer just a large enterprise issue. Organizations of all sizes have a need for security and are hiring information security professionals to meet this need.”
“Another interesting piece of demographic information was the various industries that (respondents) work in,” he added. “More than 25 percent came out of the professional services industry.” Government, banking, finance and insurance organizations are other big players information security. In particular, there is high representation among industries deemed critical by the Department of Homeland Security. Although regulatory compliance industries (health care, government, utilities) will continue to be big drivers of growth in information security hiring, growth will occur across various industries, Carey said.
The nations of the Asia-Pacific region, with the exception of Japan, will witness particularly rapid growth in their information security workforce. “There are macroeconomic conditions that could influence what that looks like, but, with that being said, the Asia-Pacific market represents a significant opportunity,” Carey said. “They’re starting out from a smaller base of information security professionals than the rest of the world. Countries like India and China represent a tremendous IT investment opportunity as they build their infrastructures. As they do that, there’s obviously a need to build up those infrastructures in a secure manner.”
However, even with all of this job creation and additional hiring, future demand for qualified IT security workers might not be met. “Right now, within the marketplace, there is a shortage of qualified information security professionals,” Carey said. “There are a number of organizations right now looking for talented, qualified individuals with information security experience, and they’re having a hard time finding these individuals. Part of the way to help alleviate the situation is to invest in more training and get the proper certification in information security to be able to successfully move into that field.” He added that many colleges and universities also were placing greater emphasis on information security in their IT curricula.
More than 97 percent of respondents had moderate to very high expectations for career growth, and their optimism is utterly justified. Information security professionals probably will be able to look forward to a long period of growth because their roles in organizations are so vital. “It’s not something that’s going to go away in the near future,” Carey said. “There will always a demand to protect the organization, to protect its employees, its intellectual property and its assets as long as we live in this interconnected world.”