October is National Cyber Security Awareness Month, designed to educate and raise awareness on cybersecurity.

This post first appeared on Information Security Career Central, powered by Capella University. Information Security Career Central is devoted to sharing accurate, up-to-date information about hiring trends, job types, skills development, industry certifications, educational opportunities, and other subjects related to information security.


The workforce shortage in information security has been growing for some time and, as a new (ISC)2 study shows, will likely reach an alarming 1.5 million shortfall in just five years. Frost & Sullivan, who conducted the survey in partnership with (ISC)2, notes that this projected shortfall is not an indication that hiring will stop or that employers are lacking the will or budget to make necessary hires. The shortage will likely be caused by a lack of security professionals in the field.

Of the nearly 14,000 information security professionals who completed the survey, 62% stated that their organizations had too few information security professionals (up from 56% in the 2013 survey). While the study projects a global increase of nearly 200,000 information security professionals within just the next year, this growth will not match pace with the rising demands of keeping data safe.

Due to the value of personal, financial, and health information, cybercriminals are a growing threat—and their methods continue to show a high level of sophistication and variety. These increasing threats require a workforce with an equally high degree of qualifications to prevent and respond to attacks. The predicted shortages will have a significant effect on organizations and their ability to withstand the continuous onslaught of intrusions, hacks, and breaches.

Although survey respondents project increased spending in training and education and a high degree of job satisfaction, there are concerns about organizational decision-making regarding information security. Vulnerability mitigation during the product development and production process could reduce risk, but these processes are not routinely put into place. Additionally, concerns with product end-users and their ability to contribute to information security are significant.

The survey notes that problems caused by the workforce shortage are showing already. Respondents stated that configuration mistakes and oversights are a real concern. Incident response times are growing. Rather than work to proactively prevent security breaches, information security professionals are forced to react, recover, and address threats as they occur.

Frost & Sullivan conclude the report with a call to developing and implementing a holistic solution to these problems. Implementing organizational policies that support that information security, creating an IT culture that values security, and attracting information security professionals who are up to the challenges of the work can help us create a future where our valuable protected data is truly secure.


Capella University offers bachelors, master’s, doctoral, and certificate programs in information assurance and security.


Visit Information Security Career Central for events, news, industry trends, and more.

Reprinted with permission. Original post here.


* Disclaimer