Majority Of Firms Have No Dedicated IT Security Staff
Despite all the hype over the demand for information security professionals, the reality in the job market may be a very different thing, according to security firm Spiceworks.
In its latest study, Spiceworks found that 55 percent of organizations do not have access to any IT security professionals at all, whether internal or third-party. Making matters worse, a majority of those firms have no intention of hiring or contracting with one in the next 12 months.
Where are security pros working then? Some 29 percent of organizations report that they do indeed have security professionals on staff in the IT department. Another 7 percent say they have them employed in another department, and 7 percent have one on the executive team.
But how good are the security professionals that are drawing a paycheck? That question may be hard to answer, if you use professional certifications as a benchmark.
According to the Spiceworks study, of 1,000 security professionals polled, 67 percent said they have no certifications at all. Of those that do, the most commonly held certification is the basic CompTIA Security+ certification (cited by 17%); the more comprehensive CISSP (cited by 2 percent); and the CEH (cited by 1 percent).
All of these numbers may fly in the face of whether information security is viewed as a priority for management. According to the study, when security pros were asked who views it as such in their organization, 73 percent said the CIO and senior IT leadership does. The numbers drop to 56 percent and 54 percent respectively for CTOs and CEOs. And less than 50 percent said security was a priority for the CFO, COO or CMO.
How do these numbers translate into the organization putting its money into security investments? Only 6 percent of organizations have made strong investments in IT training to protect against cyberattacks in 2016. Another 18 percent indicated they are “very open” to making such investments. Some 57 percent said they are “somewhat open,” but it would take some convincing to really open the purse strings.