Automating the InfoSec Career Path

New Online Tool Aims to Provide Tailored Career Advice
Automating the InfoSec Career Path
Candy Alexander

Candy Alexander blames the deficit in the number of skilled IT security professionals on the way organizations reactively respond to cybersecurity challenges.

See Also: Case Study: Live Oak Bank Tackles Cloud Security with Orca Security

"We're always responding to hiring staff because of this outbreak or that vulnerability or whatever data breach," says Alexander, a board member and distinguished fellow at the Information Systems Security Association, a 10,000-member cybersecurity professional group. "We are reactive and there has been no proactive growth for our profession."

ISSA hopes to help change that situation. Alexander is leading an ISSA initiative to assist IT security professionals shape their careers that she says, in turn, will help fill the skills gap many enterprises face.

The initiative is known as the Cybersecurity Career Lifecycle that maps five levels of the IT security career lifecycle: pre-professional (students, young adults, career changers), entry (up to three years of experience), mid-career (three to five years), senior (six or more years) and executive (those seeking leadership roles).

For each level, the framework would provide a common definition of the responsibilities and required knowledge, skills and aptitudes, known as KSAs. Each report will explain how to be successful in each level; and how to get from one career stage to the next. Each level can have multiple tracks and path options.

Personalized Career Path

ISSA will soon rollout a website where members can answer survey questions about their experiences and goals. The assessment tool will generate a tailored skills and career-level analysis and offer a personalized career plan for each individual professional.

Candy Alexander assess the evolution of the IT security profession..

Eventually, Alexander says, the automated assessment will be used to help identify mentors to help counsel people in building their careers. ISSA already offers mentoring through its local chapters, but the new technology would allow the association to put more structure around its mentoring programs, she says.

For instance, Alexander says, some of the larger chapters don't have enough leaders to help mentor all of their members. Through the new tool, she says, "you'll have the option to mentor locally or virtually."

Alexander says ISSA should inaugurate the interactive survey in the coming months, though she couldn't provide a precise timetable.

There's no cost to take the survey and receive the customized careers report, but initially it will only be available to ISSA members. ISSA student membership costs $30 a year. Membership to ISSA is $100 annually, plus another $100 to $150 for local chapter dues, depending on locality.

Critical Shortage of Qualified Expertise

The demand for IT security skills is strong. Citing a Cisco report, ISSA contends some 300,000 to 1 million cybersecurity jobs worldwide remain vacant, and points to a U.S. Bureau of Labor Statistics study that predicts a 22 percent growth in IT security employment by 2020.

The problem in attracting individuals to the IT security profession and helping them build a cybersecurity career is a global one. In a statement issued with the announcement of the careers framework, ISSA International Director Geoff Harris, who heads a British consultancy, cites a recent study that shows that one-third of IT security pros come from other fields.

"The window of entrants is narrowing, and there are limited opportunities for candidates with generalist IT qualifications," Harris says. "There is a real need for better entry routes into cybersecurity-specific careers and for more defined career paths in order to build a bigger and more diverse pool of skilled professionals that organizations can choose from."

* * *

Correction: An earlier version of the story incorrectly attributed to Symantec the number of vacant IT security jobs, estimated to be 300,000 in the U.S. and 1 million worldwide. Cisco was the source for those figures.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.