At the halfway point of this year, and at one of the main conferences in our industry, Infosecurity released its State of Cybersecurity Report. This was the second year running that Infosecurity carried out this research and the findings were released at Infosecurity Europe. The concept behind the report was to produce an editorially-independent survey of the industry and determine what the most common trends were.
Unlike some other reports that Infosecurity comes across, where the research is outsourced and often sponsored to better promote a product or service, Infosecurity’s aim was to create a report with a clear intention and research path. Therefore, when this year’s research was completed, we had interviewed 60 industry professionals from a variety of roles, including: CISO, CEO, managing director, SOC manager, security evangelist and many more. From those interviews, we determined 31 distinct trends, which included: five top trends, five ‘lower’ trends and eight ‘single response’ trends.
The full report is available to download from our website. From this research, it was of particular interest to me to learn how the trends that came to light are affecting the next generation of cybersecurity professionals, impacting what is being taught and outlining the obstacles they are coming up against.
Therefore, at the beginning of July, Infosecurity conducted a new set of questionnaire-based research, asking a series of questions to a set of ‘next generation’ cybersecurity pros/students around the trends featured in our 2019 State of Cybersecurity Report. Also participating in this research was Cyber Security Challenge, whose white hat community contributed answers to the research. Therefore, most of the answers received were anonymized.
"I would expect any job to provide training to help new employees grow in areas that their job role will benefit from"
The first question we asked related to the top research finding that ‘technology troubles’ were the biggest concern. Now, we appreciate that new people won’t have had major experience working with technology, so instead we asked: do you feel you will be ready to deal with threats with the knowledge and experience you have? We had 26 responses to this question, with 15 either saying “yes” or giving an otherwise positive answer, with common answers along the lines of “with the right team, yes.”
In contrast, 11 respondents gave a negative response, with views including “it’s a mistake to always be chasing the newest and exciting threat vectors at the expense of leaving an area of your defense to stagnate.” This sort of perspective was common, and another respondent said “99% of attacks are the result of negligent security practices, the remaining 1% are more targeted corporate espionage.”
“I would also expect to do a lot of personal study in my own time”
Another popular trend coming out of this year’s research was compliance, which was also the top trend in our 2018 research. We asked the respondents if they were aware of the demands of compliance frameworks, what they mean, and how they’re different. In particular, we named GDPR, PCI DSS and PSD2 as the main compliance frameworks. Again, the response was relatively positive, with 20 of the 25 people responding confidently. One respondent said: “I feel within university there is a lack of education around these topics, whilst often at conferences it is spoken about a lot” whilst there is also research and reading available to find out more.
Even though there was a generally positive response to this question, it was a concern that some of those respondents felt the need to do extra research to answer our question.
"I feel within university there is a lack of education around these topics, whilst often at conferences it is spoken about a lot"
Another question we asked was whether respondents would expect a company to train them on the job in those skills needed for compliance and cloud? We got 27 responses to this, and 22 were positive, saying “I would expect any job to provide training to help new employees grow in areas that their job role will benefit from,” while a respondent added “I would also expect to do a lot of personal study in my own time.” Again, this showed that there is a need for people to learn on their own time and money to get ahead.
One question we asked which got a split response was around job ads for roles in cybersecurity and if respondents require unachievable levels of experience and qualifications, to which 15 individuals responded negatively, whilst 12 were more positive. This question was relevant as too many reports have been made about applicants needing specific certifications or experience for certain positions, or having certifications that require certain levels of experience. Whilst our sample set was small, it does show that this is still a problem to be overcome.
This research will be an ongoing project for Infosecurity for the next few months, and will be presented at some of the upcoming conferences. Until then, know that the next generation of cybersecurity professionals are eager to learn, aware of the challenges and well-prepared for what a cybersecurity career will throw at them.