maxoidos - Fotolia
It’s critical that we see more InfoSec training to address the cyberskills gap, and we need higher adoption of those career skills across the IT workforce. Yet, that isn’t happening fast enough, and the question is: Why hasn't the "technology generation" signed up for the InfoSec challenge?
People under 35 have grown up in a digital world and find most of what they need (quickly) on the Internet. And they expect it to be available for use at little-to-no cost (open source). InfoSec may be a hard sell to individuals who conduct their lives online and, for the most part, don’t worry about it that much.
Research indicates that Millennials have shown interest in computer science and technology careers. One in four of the 1,000 U.S. adults (aged 18 to 26) polled in a 2014 Raytheon-NCSA survey said they wanted to become cybersecurity professionals. The problem? Researchers also found: "Millennials are interested but unprepared to enter the cybersecurity profession, uncertain about the responsibilities of someone in this job and lack mentors to help bridge the gap."
The bar has also been raised by advanced threats that require knowledge and analytical skills far beyond conventional IT security. A KMPG study of organizations in the U.K. in October showed that upwards of 50% of companies would be willing to have their security teams interact with a hacker or hire someone with a criminal record to address their skills shortage. Can hacking and the problem-solving skills that go with it be taught or credentialed? Or is it a matter of finding talented people (from Red Alert countries), who know how to get access to unauthorized data and can help to protect it? In this issue of Information Security magazine, we dig deeper into the global hiring crisis and look for answers.
In our cover story this month, industry veteran Michael Cobb looks at business and technical controls that can help expand identity and access management programs to non-employees, so you don’t lose sleep over orphaned accounts and subcontractors with elevated privileges.
As mobile-first strategies gain wider adoption, many CIOs are also recognizing that while mobile device management and security technologies play a role, coherent policies are the key to harnessing the benefits of the BYOD phenomenon. Technology journalist Alan Earls reports on BYOD policies that work for users and security.
Finally, if you like being an InfoSec professional, spread the word to a few Millennials.
Kathleen Richards is the features editor of Information Security magazine. Follow her on Twitter: @RichardsKath.