Numbers | Supply of IT Security Skills Doesn't Meet Demand

Employees, job candidates lack adequate expertise in security, firewalls and data privacy, according to survey of IT hiring managers


READER FEEDBACK
Anonymous
Fri, 2008-04-04 13:59

This is too flat. I would question what the general message is. In fact, companies do not understand security, and they try to solve a business issue with techniques. And when they have hired top-notch people, they don't follow their advice. Until something happens, and then the security guy takes the blame. This is funny.

Anonymous 2
Sun, 2008-04-06 10:10

This article is sad. It shows a significant lack of business knowledge from the writer. The article is confusing what a technician would do - firewalls, implementation..., as opposed to what an information security professional would do - privacy, governance, risk management. Separation of functions! The techs belong to the CIO and they implement. The InfoSec professionals are more business oriented (80% business acumen, 20% high-level tech understanding) and handle oversight, governance, risk management and compliancy. It's time to stop confusing the two. Implementing a firewall is NOT a security professional's job, it's a technician's job.

Chief Security Optimist
Mon, 2008-04-07 10:47

I am not surprised by the survey findings. I am only surprised by the conclusion that this will result in more jobs. We have known this for quite some time now. Companies just don't want to spend on security, unless they can pass the cost on to their customers. Additionally, there is a general lack of understanding as to what skills to look for. Wrong hiring decisions are made every day. Training and education are great, but companies need to seriously assess their "information risk management" needs first. They also need to establish business goals for security. The entire core of senior managers must be on board and commit to cooperate with the security person/group. By the way, is there a study on turnover rate for security professionals?

InfoSec Analyst
Fri, 2008-04-25 19:49

The reality is that companies attempt various methods to skirt the legal requirements, cross their fingers and hope nothing happens, then when a loss happens play a cover-up game. "We've been fine for the last three years and we doubt anything would happen now." Aside from hiring qualified talent, I've lost track of companies that place ads out for a Network, Systems, Desktop, and Security All-in-One Candidate. "We'd like you to handle all of these things, security will only be 5% of your work." Out of the hundreds of companies I've walked into, a majority of those do not want to spend on security and see it only as an added cost center. Some of the others see Information Security as the "Absolutely NO! Department", because the business side is not in line with the security mission or objectives. Needless to say, there are plenty of companies I will NOT do business with based on the fact that I've provided them an in-depth risk and security assessment which they felt was better as shelfware since the cost of doing things right cut into profits. It's sad out there... it really is.
