The current gap in the supply and demand of information-security workers will only widen over the next five years, as the expansion of the Internet of things will make the Web infrastructure even more complex and challenging to defend, Cisco managers stated on June 10.
The shortfall in security staff and managers has been a critical issue for the global economy. While outsourcing business processes to the cloud has ameliorated the problem to some extent, the increasing complexity of information infrastructure, lack of visibility into cloud services and the rapidly expanding number of devices connected to the Internet of things have all made the shortage of corporate security experts more critical, Sujata Ramamoorthy, director for global information security for Cisco's Threat Response, Intelligence, and Development (TRIAD) group, told eWEEK.
"These trends are what are fueling the need for additional security skills in the industry, and because the networks themselves are getting more complex, the applications communicating over them are getting more complex," she said. "Business overall, as we know it, is evolving."
An estimated 1 million information-security staff and managers are needed to fill the current global demand, according to Cisco's 2014 Annual Security Report. Cisco's number is the highest estimate of the security-skills problem: James Gosler, a cyber-security specialist who worked at the Central Intelligence Agency, has argued that the United States needs some 30,000 technical cyber-security workers, essentially hackers.
Meanwhile, the International Information Systems Security Certification Consortium has calculated that more than 300,000 cyber-security professionals are needed to maintain and manage business systems.
With online crime and cyber-espionage causing hundreds of billions of dollars of losses to the worldwide economy each year, demand for front-line defenders will only increase, according to Cisco. In addition, the growing volume and subtlety of attack data will also mean that tomorrow's security practitioners will need to have data analysis skills.
"Diving into available data will yield insights that are not otherwise possible," the company's Annual Security Report stated. "Over time, intuition about what parts of the data to explore will develop. Some organizations may even find they can benefit from having dedicated data scientists on their teams."
Yet, because of the pervasiveness of information systems, security knowledge and expertise are not just needed by specialists but also by average users, Ramamoorthy said. Cisco is focusing its training on that audience, as well, she said.
"We need to advance the skills set of the entire community, not just network engineers or security people, but users of the critical infrastructure that nations use," she said. "In the end, we want for everyone to improve their security knowledge, and apply it in their jobs.