photo-dave - Fotolia
A recent statistic shows that in the next seven years, the employment rate of security analysts will rise 37% in the U.S. Security hiring in general can be challenging, so how should organizations go about filling these specialized roles? Where can we look for this security talent?
According to a study from the U.S. Department of Labor, by 2022 the demand for security industry professionals will grow 37%. Throwing additional resources at a problem does not necessarily address or remediate it. Putting more border patrol on borders, more DEA agents to fight the war on drugs or more security guards surrounding critical infrastructures are typically reactionary nostrums.
The question remains, how can enterprises find security professionals to meet this demand? Security professionals need to have strong technical skills in information security, be well-versed in security monitoring and alert systems, have competent incident response program experience, be knowledgeable in the deployment of a risk based security program, and have experience in the deployment of next generation integrated security tools such as UTMand NGFWs.
So where can someone find information security professionals with the appropriate skill sets? There are numerous resources. One is LinkedIn where searches can be made by region, industry and title. Other resources include professional organizations such as ISSA, ISC2, ISACA, SANS and HTCIA. Each of these has certification programs such as CISSP, CISM or GSEC, and has resources for posting or announcing your interest in candidates. Local universities with degrees in technology, CIS and possibly information security are also good candidates; however they typically lack the experience requirements. Professional recruiters are also an obvious choice.
Possessing a certification does not guarantee the security professional has the skills needed for the job, but it does lay the foundation for the Common Body of Knowledge required. Subject matter experts (SMEs) can be hired based on the present need, but information security professionals today -- who are typically jack-of-all-trades in information security -- should strive to be an SME of at least one specialty.
Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)
Learn how enterprises can improve security hiring and attract talented CISOs.
Dig Deeper on Information security certifications, training and jobs
Related Q&A from Mike O. Villegas
A social media security policy is necessary for most enterprises today. Expert Mike O. Villegas discusses what should be included in social media ... Continue Reading
A cybersecurity training center could help security professionals continue their education, but are the benefits worth the investment for enterprises... Continue Reading
Yahoo reportedly rejected a forced password reset after numerous data breaches compromised user data. Expert Mike O. Villegas discusses whether this ... Continue Reading