The IT security industry threatens to be overwhelmed by cyber-threats if it doesn’t relax hiring rules, the Chartered Institute of Information Security (CIISec) has warned.
In one of its first pronouncements since being awarded a prestigious Royal Charter, the industry body argued that the sector is stagnating and ill-equipped to cope with an escalating skills crisis.
Global skills shortages in the sector stand at nearly three million, including 142,000 in EMEA, according to the most recent stats. Only 24% of current infosec staff are thought to be women.
CIISec’s own survey of information security professionals revealed that 89% of respondents were male, and 89% were over 35, pointing to a major diversity issue.
Much of the problem is that employers continue to prioritize technical experience and skills when hiring, despite the fact that two-thirds (65%) of respondents to the survey claimed that learning on the job is preferable, CIISec said.
That means the industry is missing out on a potential trove of able candidates who have gained commensurate skills in other fields.
“The expectation that security is purely a technical subject has led to a focus only on very specific individuals to fulfill roles,” said Amanda Finch, CIISec CEO.
“Even if we weren’t in the middle of a skills crisis increased diversity should be a priority, but the present situation makes it critical. Expanding the industry’s horizons isn’t only essential to make sure the industry has the skills it needs. It will give a whole range of individuals the opportunity to thrive in a new career, and in the long term protect the industry from stagnation by introducing more varied backgrounds.”
To attract more diverse candidate, the industry needs to do a better PR job of explaining awareness of the opportunities on offer.
Some 86% of industry professionals said the industry will grow over the next three years and 13% predicted it will “boom”.
“Key to all this will be both organizations and individuals having a framework that can show exactly what skills are necessary to fulfil what roles,” Finch continued.
“This will not only help hire the right people. It will also mean that it the routes to progress through an individual’s career are clearly marked, ensuring that individuals who enthusiastically join the industry don’t over time become jaded or burn out due to a lack of opportunity.”
However, there have been PR setbacks: last week it emerged that Rebecca Burke, a former program lead that helped manage TalkTalk’s recovery from a major breach, was preparing to bring a landmark equal pay and unfair dismissal case.