Recently the ISSA (Information Systems Security Association) released the results of a survey they took in December 2018. There is a shortage of qualified cybersecurity professionals; not enough people are entering the field, and those with ten or more years of experience may be leaving the field due to stress, lack of a career path, and ineffective mentoring.
The survey sample included responses from 267 professionals with a wide range of experience and company size. According to the survey, here are the 10 most stressful aspects of the cybersecurity job:
- Keeping up with the security needs of new IT initiatives (40%)
- Finding out about IT initiatives/projects that were started by other teams within my organization with no security oversight (39%)
- Trying to get end users to understand cybersecurity risks and change their behavior accordingly (38%)
- Trying to get the business to better understand cyber risks (37%)
- The overwhelming workload (36%)
- Constant emergencies and disruptions that take me away from my primary tasks (26%)
- The fear of getting something wrong (25%)
- Keeping up with internal and regulatory compliance audits (25%)
- Monitoring the security status of third parties my organization does business with (24%)
- Sorting through the myriad of security technologies used by my organization (17%)
The report comes to some notable conclusions:
- Cybersecurity teams are participating in data privacy efforts but may not be up to the task.
- Cybersecurity professionals are dedicated to their craft but need some career guidance.
- Knowledge, skills, and abilities (KSA) development depends upon face-to-face interaction.
- Job satisfaction depends upon an organizational commitment to cybersecurity.
- Training and skills development remain a problem.
- CISOs need to be more active with business executives.
- The virtual CISO position (vCISO) is an attractive career option.
- Lacking employee security awareness training and a growing workload lead to security incidents.
- ISSA members are pessimistic about cybersecurity in general.
- The cybersecurity skills shortage is not improving.
- It’s a “seller’s market” for cybersecurity talent.
Even though the profession is making progress, it is not always keeping up with the pace of change or the abilities of the adversaries. This should be a concern not just to IT managers, but to business managers as well.