Ten years on - how security professionals turned from techies into leaders

The cybersecurity profession is changing beyond all recognition from a narrow specialism based on technology into a wide-ranging profession encompassing people, processes and policies and reaching into every area of business from training room to boardroom.


The cybersecurity employee of the future may be as likely to have a degree in business management or social sciences as in IT, have the ability to form partnerships inside and outside their enterprise, and be as comfortable in the boardroom as in the IT department.

As (ISC)2 launches its 2015 Global Workforce Survey, a look back at the survey's first decade can help us understand what the cybersecurity workforce may look like in future.

The changing nature of the profession became apparent in our very first Global Workforce study in 2004. Increasing government regulation as well as technological change were driving demands for cybersecurity teams to display business acumen, help train and educate staff, and fulfil legal and compliance requirements - a shift in emphasis from the traditional focus on technological solutions to a more holistic approach. Already cybersecurity was moving out of its techie bunker into the wider business and turning into a cross-sector discipline incorporating policies and people.

By 2006, with a growth in cyber threats, cybersecurity was extending its reach into the upper echelons of industry, with 67 percent of security personnel successfully influencing management decisions and 73 percent believing that they could drive change across their organisation, signalling a dramatic expansion in the power and status of the cybersecurity professional. On average 41 percent of security budgets were being spent on personnel and training instead of technology.

In 2008 cybersecurity was claiming a seat in the boardroom and influencing executive management, with 16 percent of industry professionals reporting directly to the board of directors and one third reporting directly to executive management (compared to just a fifth in 2004), as infosec shifted from the periphery to the forefront of the corporate mind. With the steady move of information security accountability outside the IT department, cyber teams were increasingly required to understand, manage and consult on the business implications of security.

In 2013, we began to see the traits of a new cybersecurity employee emerging; 91 percent of cybersecurity professionals now reported that communication skills were vital to their progression while 51 percent said that business management skills were crucial to success. This was a shift from the cybersecurity geeks of the past towards a new kind of hybrid cybersecurity employee with soft skills, business knowledge and managerial ability.

The survey data cumulatively points to an impending workforce revolution and the need for a game-changing approach to security that will require cybersecurity teams with unprecedented skill set diversification and the ability to partner with complementary organisations inside and outside their own enterprises.

This is being driven by an array of factors that will facilitate a more collaborative and risk-based approach to infosecurity than ever before, from the formation of new B2B and B2C relationships in the market to the rise of big data analytics allowing organisations unprecedented insight into security risks.

All the signs are that, if the public and private sectors are to successfully transform their security practices and address the global cybersecurity skills shortage, recruiters must look beyond the traditional cybersecurity C.V. and take into account the new personnel traits needed to drive an effective transformation in their organisation.

For over 10 years the (ISC)2 Global Information Security Workforce Study (GISWS) has established a comprehensive understanding of the role you play in promoting a safe and secure cyber world. This valued benchmark, increasingly referenced by governments and businesses around the world, reveals how the profession prioritises spending, manages emerging technologies, and views the most pressing concerns affecting cybersecurity.

It is also instrumental in highlighting issues to be addressed, including the effects of a growing skills gap on front-line security practice, the proliferation of software vulnerabilities, and developing business impressions.

Now it’s your turn.  Make sure we include your perspective by registering to take part here and you could be the lucky winner of one of SIX iPads being given away around the world.

Adrian Davis, European MD at (ISC)2
