Automating the InfoSec Career PathNew Online Tool Aims to Provide Tailored Career Advice
Candy Alexander blames the deficit in the number of skilled IT security professionals on the way organizations reactively respond to cybersecurity challenges.
"We're always responding to hiring staff because of this outbreak or that vulnerability or whatever data breach," says Alexander, a board member and distinguished fellow at the Information Systems Security Association, a 10,000-member cybersecurity professional group. "We are reactive and there has been no proactive growth for our profession."
ISSA hopes to help change that situation. Alexander is leading an ISSA initiative to assist IT security professionals shape their careers that she says, in turn, will help fill the skills gap many enterprises face.
The initiative is known as the Cybersecurity Career Lifecycle that maps five levels of the IT security career lifecycle: pre-professional (students, young adults, career changers), entry (up to three years of experience), mid-career (three to five years), senior (six or more years) and executive (those seeking leadership roles).
For each level, the framework would provide a common definition of the responsibilities and required knowledge, skills and aptitudes, known as KSAs. Each report will explain how to be successful in each level; and how to get from one career stage to the next. Each level can have multiple tracks and path options.
Personalized Career Path
ISSA will soon rollout a website where members can answer survey questions about their experiences and goals. The assessment tool will generate a tailored skills and career-level analysis and offer a personalized career plan for each individual professional.
Candy Alexander assess the evolution of the IT security profession..
Eventually, Alexander says, the automated assessment will be used to help identify mentors to help counsel people in building their careers. ISSA already offers mentoring through its local chapters, but the new technology would allow the association to put more structure around its mentoring programs, she says.
For instance, Alexander says, some of the larger chapters don't have enough leaders to help mentor all of their members. Through the new tool, she says, "you'll have the option to mentor locally or virtually."
Alexander says ISSA should inaugurate the interactive survey in the coming months, though she couldn't provide a precise timetable.
There's no cost to take the survey and receive the customized careers report, but initially it will only be available to ISSA members. ISSA student membership costs $30 a year. Membership to ISSA is $100 annually, plus another $100 to $150 for local chapter dues, depending on locality.
Critical Shortage of Qualified Expertise
The demand for IT security skills is strong. Citing a Cisco report, ISSA contends some 300,000 to 1 million cybersecurity jobs worldwide remain vacant, and points to a U.S. Bureau of Labor Statistics study that predicts a 22 percent growth in IT security employment by 2020.
The problem in attracting individuals to the IT security profession and helping them build a cybersecurity career is a global one. In a statement issued with the announcement of the careers framework, ISSA International Director Geoff Harris, who heads a British consultancy, cites a recent study that shows that one-third of IT security pros come from other fields.
"The window of entrants is narrowing, and there are limited opportunities for candidates with generalist IT qualifications," Harris says. "There is a real need for better entry routes into cybersecurity-specific careers and for more defined career paths in order to build a bigger and more diverse pool of skilled professionals that organizations can choose from."
Correction: An earlier version of the story incorrectly attributed to Symantec the number of vacant IT security jobs, estimated to be 300,000 in the U.S. and 1 million worldwide. Cisco was the source for those figures.