Ask Me Anything: Cyber-security and Skills Gap
John McCumber, this month's Microsoft Expert. John McCumber is a retired US Air Force officer and former Cryptologic Fellow of the National Security Agency. During his military career, John also served in the Defense Information Systems Agency and on the Joint Staff as Information Warfare Officer during the Persian Gulf War. He currently serves as the Director of Cybersecurity Advocacy for (ISC)2 where he educates policy makers about key security issues, promotes the necessity of a competent cybersecurity workforce and builds awareness about cybersecurity as a rewarding career opportunity.
This month's AMA topic will be “The Information Security Skills Gap and How We'll Overcome It”. The 2017 Global Information Security Workforce Study by (ISC)2 predicts that we are on pace to reach a cybersecurity workforce gap of 1.8 million by 2022, meaning there will be nearly 2 million positions that cannot be filled due to a lack of qualified cyber talent.
Details to Participate:
To participate in this month's AMA, start asking questions on this thread August 21st and tune in for the AMA event on August 29th, 9-9:30am PST. The top Kudoed questions will be answered first.
To ensure you do not forget, please download the calendar invite below! This will be a live session, so a Skype link will be included in the invite. John will be giving a live talk for the first 15 minutes, and will be answering live questions for the remainder. In addition, he will be answering questions posted directly to this thread leading up to the event. A recording of the session will be made and posted on MPC later that day, including written material embedded in the post as well.
- 2017 Global Information Security Workforce Study
- Hiring and Retaining Top Cybersecurity Talent
- The (ISC)2 Cybersecurity Lexicon
- The (ISC)2 Industrial Control System Lexicon
- Untapped Talent: Women in Cybersecurity (infographic)
- Innovation Through Inclusion: The Multicultural Cybersecurity Workforce
'See' you there!
-Your Microsoft Partner Community (MPC) Team
There are arguments that the skills are there, but the salary is not. Many people want that highly skilled individual, but do not want to pay them what they are worth. Security is a booming field with a lot of people trying to get in and become those qualified individuals.
However, my question is - how well rounded would the typical security position be? There are a lot of different specialities (as a previous comment suggests). While I believe most security folks should know their adversary and know what to protect themselves from, I don't think they need a deep dive in pen testing. Same with a pen tester knowing policies and typical procedures, etc. to know what controls could be bypassed. For a decent security engineer, what kind of qualifications would you suggest, what certifications, and length of experience?
- Monitoring and detection;
- Pen Testing / Ethical Hacking;
- Secure application development;
- Forensics and IR;
- Architecture and operations;
- Automations and deployment;
- Systems Management;
- Network Management;
- Communications management;
- Database Management;
- Policy and Governance;
... At one point in my career, I've been asked to wear most of those hats. It leads to a quick burnout.
Great topic! This is on everyone's lips nowadays!
Improving Cyber-security is both a great and very profitable business opportunity but also great for society! In fact, it is super-important that we take this seriously in order to preserve the integrity of democratic elections and to fight crime (often financial crime).
This is a space that I'm watching as I'm looking for new business ideas around Cyber-security as a service (I love recurring revenue business models).