Security Worker Shortfall Is Putting Organizations at Risk
Both government agencies and the private sector need more security people. The current scarcity puts the United States at risk, say experts.
SAN FRANCISCO—When asked whether their companies had as many information-security workers as they needed, attendees at the Cloud Security Alliance (CSA) Summit here just snorted and laughed.With stolen intellectual property and data breaches regularly making headlines these days, no company or government agency feels that they have the resources they need to secure their business, said Mark Weatherford, deputy undersecretary for cyber-security at the U.S. Department of Homeland Security (DHS), who asked the question during a keynote at the RSA Conference pre-show Feb. 25. In fact, security people are in such demand that Weatherford regularly steals workers from other agencies, he said. "What's the unemployment rate for a good cyber-security person? Zero," he said. "We are all familiar with the fratricide going on." Weatherford's statements came the day before the RSA Security Conference officially opened and underscored the serious shortfall the United States and its private sector faces in securing their systems. More than half of security professionals believe their companies' security staff should be expanded, compared to a third who believe they have enough staff, according to a Feb. 25 Frost & Sullivan report sponsored by International Information Systems Security Certification Consortium (ISC)2 and Booz Allen Hamilton. The number of executives who feel their security teams need help is even higher, with two-thirds of respondents with a C-level title indicating that their security organizations are understaffed, with midsize companies the most concerned.