Cybersecurity Skills Haves and Have Nots

I’ve written a lot lately about the cybersecurity skills shortage. For example, 25% of organizations claim that they have a problematic shortage of IT security skills. On an industry basis, 36% of government agencies say they have a problematic shortage of IT security skills, followed by 29% of manufacturing companies, and 28% of financial services firms.

ESG often builds a segmentation model as part of its research projects to further analyze survey data. The segmentation model divides the total survey population into three distinct groups: advanced organizations (i.e., those with the most cybersecurity resources and strong security policies and processes), progressing organizations (i.e., those with marginal cybersecurity resources and adequate security policies and processes), and basic organizations (i.e., those with fair/poor cybersecurity resources and inadequate security policies and processes). Typically, advanced organizations make up around 20% of the survey population, progressing organizations represent around 60% of the survey population, and basic organizations account for the remaining 20%.

Topics: Cybersecurity Information and Risk Management Security and Privacy Security Enterprise SANS skills shortage ISC2 NICE CISO NIST

Information Security: A Sobering Topic at VMworld

The technology industry is about to come together next week for VMworld in San Francisco. In the span of a few short years, this show has become a real showcase of the latest and greatest IT technology and industry vision. At VMware, every company wants its IT department to look like Amazon, Google, or Zynga, running applications on fully automated and orchestrated cloud computing platforms, and easily managing thousands of servers and petabytes of data across multiple data centers.

Topics: Cloud Computing Microsoft VMware Private Cloud Infrastructure Information and Risk Management Security and Privacy VMworld Citrix SANS ISC2 CISO Server Virtualization IT skills security skills Public Cloud Service

Biggest Information Security Management Challenges for Enterprise Organizations

In the recently published ESG Research Report, Security Management and Operations: Changes on the Horizon, ESG surveyed 315 security professionals working at North America-based enterprise organizations (i.e., more than 1,000 employees).

Topics: IBM Microsoft Information and Risk Management HP McAfee Enterprise Software Oracle Security and Privacy risk management sap SIEM SANS ISC2 RSA Security Security Management security operations CISSP Tibco

Information Security Budgets Will Increase in 2012

As part of our annual IT Spending Intentions survey, ESG asks IT professionals about overall spending trends for the coming year. Our 2012 IT Spending Intentions survey is set to be published soon, and I got a peek at the data recently. Like other analyst firms, ESG found that IT budgets will increase in 2012, albeit at a modest rate.

Topics: IBM Network Security Check Point Cisco Information and Risk Management Juniper Sourcefire FireEye HP McAfee Security and Privacy SIEM Symantec ISC2 Damballa Unisys security skills IT security spending

Information Security Skills Shortage Continues

Like other analyst firms, ESG conducts research on IT Spending Intentions annually. The latest 2012 report will be published soon, but in the meantime, I've taken a look at the data that will be included. One of the things we track is IT hiring plans in all areas including IT security.

Topics: Information Security Cybersecurity Information and Risk Management Security and Privacy federal government ISC2 NIST security services CISSP security skills cloud security