(ISC)² 2015 Global Information Security Workforce Study (GISWS) Results: U.S. Federal Government

(ISC)² Global Information Security Workforce Study (GISWS) Results: U.S. Federal Government

2 Global Study Objectives & Project Background

3 Study Objectives: To obtain feedback from the (ISC)² members regarding certification, training and educational requirements for their organizations and their professional development. To identify trends and issues related to information security from both members and non-member security professionals. To understand potential gaps in organizational security. To forecast what positions will be most highly sought after in the next 3 to 5 years.

4 Research Background: The information security profession continues to undergo shifts as a result of a constantly changing regulatory environment and increasingly sophisticated and emerging new threats. (ISC)² has committed itself to maintaining its leadership role and growing its membership base in key geographic regions in which it is currently underrepresented. Bi-annual study; 7th GISWS, first one released in 2004. In partnership with Booz Allen Hamilton, Cyber 360 Solutions and NRI Secure Technologies; conducted by Frost & Sullivan. Likely the largest study of the information security profession ever conducted, the GISWS is comprised of nearly 14,000 information security professionals worldwide.

5 Source: Frost & Sullivan Research Background (continued): Of the nearly 14, ,208 were (ISC)² members and 2,722 were non-members. Conducted using an online web-based survey using the (ISC)² membership list. invitations to complete the survey were sent out to (ISC)² members between October 2014 and January 2015.

6 U.S. Federal Government Results

7 Source: Frost & Sullivan U.S. Federal Government Composition. Sample: U.S. Federal Government (Military, armed forces, defense): 1,099; U.S. Federal Government (Excluding military, armed forces, defense): 727; Total U.S. Federal Government: 1,826

8 Source: Frost & Sullivan Profile—U.S. Federal Government. Gender Composition of Workforce: 86% male and 14% female. Education: 41% have degrees and an additional 47% have advanced degrees. Average Salary: $112,000. Average Years of Experience: 15. Reporting Structure (Top 3): 24% Security Department, 24% Executive Management, and 18% to IT Department.

9 Assessment of U.S. Government Information Security: Better or Worse?

10 Source: Frost & Sullivan Assessment of U.S. Government Information Security QG5a. Overall, is the government's information security better or worse off than a year ago? Base: Filtered Respondents (n=975). 5% increase since 2013

11 Source: Frost & Sullivan Reasons for Improved U.S. Government Security QG5b. Why do you say that government security is better off than a year ago? Base: Filtered respondents (n=441)/(n=725)

12 Source: Frost & Sullivan Reasons for Reduced U.S. Government Security QG5c. Why do you say that government security is worse off than a year ago? Base: Filtered respondents (n=174).

13 Impact of Information Security Metrics, Tools and Technologies

14 Source: Frost & Sullivan Useful IT Security Metric Tools QG8. Which of the following IT security metric tools do you find useful? Select all that apply. Base: Filtered respondents (n=974).

15 Source: Frost & Sullivan Technologies Improving Security Activities in U.S. Government Q33b. What security technologies do you believe will provide significant improvements to the security of your organization? Select as many as you feel apply. Base: Filtered respondents (n=1,059).

16 Effectiveness of U.S. Government Initiatives Q33f. Please rate the effectiveness of each of the following government initiatives in providing security guidance and standards. Base: Filtered respondents (n=1,058)/(n=1611).

17 Source: Frost & Sullivan Implementation of NIST Cybersecurity Framework Q33h. In 2014, the United States government released the Framework for Improving Infrastructure Cybersecurity. Has your company adopted any of the measures outlined in this framework? Base: Filtered respondents (n=2,983). Note: This base size represents all US respondents who do NOT work for the Federal government.

18 Source: Frost & Sullivan Attitudes Toward Mandated Security Requirements QG7. How much do you agree that the government should include specific, mandatory security requirements in every major IT procurement? Base: Filtered Sample (n=975). 81% agree there should be security requirements for every IT procurement.

19 Threat Response

20 Source: Frost & Sullivan U.S. Government Threat Response Q33a. If your organization's systems or data were compromised by a targeted attack, how quickly do you predict it would take to remediate the damage? Base: Filtered Sample (n=1,059). 21% say threat remediation would take a week or more. U.S. Private Industry: 18%, 43%, 4%, 13%, 5%

21 Source: Frost & Sullivan U.S. Government Top Security Threats Q30. Thinking about your own organization, please rate the following potential security threats on the degree of concern you have for each. - Top two box scores Base: Filtered respondents (n=1,059).

22 Workforce & Funding

23 Source: Frost & Sullivan Number of Security Workers in U.S. Government Q28a. Would you say that your organization currently has the right number of information security workers, too few, or too many? Base: Filtered respondents (n=1,059) / (n=1,821)

24 Source: Frost & Sullivan Impact of Worker Shortage in U.S. Government Q28e. What is the impact of your organization's shortage of information security workers on each of the following? - Top two box scores Base: Filtered respondents (n=632).

25 Source: Frost & Sullivan Reasons for Worker Shortage in U.S. Government Q28d. What are the reasons that your organization has too few information security workers? Select as many as apply. Base: Filtered respondents (n=632)/(n=1,049)

26 Source: Frost & Sullivan Average Salary in U.S. Government Q66. Which of the following includes your current annual salary in U.S. dollars before taxes? Base: Filtered Sample (n=1,802) / (n=1,798). 2015 US Private Sector: $118,000

27 Source: Frost & Sullivan Salary Change in U.S. Government Q67. Did you receive a salary increase, including benefits and incentives, in 2014? Base: Filtered Sample (n=1,802) / (n=1,798)

28 Source: Frost & Sullivan U.S. Government Projected Change in Overall Spend Base: Filtered respondents (n=1,826). Q16b. Do you expect overall information security spending at your organization to increase, decrease, or remain the same?

29 Source: Frost & Sullivan Confidence in Legislators Providing Funding for Cybersecurity Q33l. How confident are you that your country's legislators understand the importance of security enough to provide sufficient funding to support your key information security initiatives? Base: Filtered Sample (n=401). 58% not confident.

30 Skills, Training & Education

31 Source: Frost & Sullivan Important Skills in New Hires in U.S. Government Q19b. When making hiring decisions for information security staff how important is each of the following? – Top box scores Base: Filtered respondents (n=237).

32 Source: Frost & Sullivan Future Skills and Competencies in U.S. Government Q25. What are the skills and competencies that you will need to acquire or strengthen to be in position to respond to the threat landscape over the next three years? Select all that apply. Base: Filtered respondents (n=1,059).

33 Source: Frost & Sullivan Demand for Training and Education in U.S. Government Q23. In which areas of information security do you see growing demand for training and education within the next three years? Base: Filtered respondents (n=1,826)/(n=1,821).

34 Cloud Computing

35 Source: Frost & Sullivan Prioritization of Cloud Computing Q57. To what extent is cloud computing a priority for your organization now and in the future? - Top two box scores Base: Filtered Sample (n=1,171)

36 Source: Frost & Sullivan Cloud Migration Due to FedRAMP QG12. Have FedRAMP's baseline security controls enabled your agency to migrate systems more securely to the cloud? Base: Filtered Sample (n=1,077)

37 Source: Frost & Sullivan New Skills for Cloud Computing Q61c. What skills will be required for dealing with cloud computing? Select as many as apply. Base: Filtered respondents (n=810)

38 Source: Frost & Sullivan U.S. Government Frequency of Security Scans on Application Base: Filtered respondents (n=1,059). Q40. Please indicate the frequency with which security scans are conducted on the following applications. - Always

39 Source: Frost & Sullivan Security Concerns in the U.S. Government When Implementing Cloud QG10. How much of a security concern is each of the following for your government department agency when implementing cloud computing? - Top two box scores Base: Filtered respondents (n=1,078)

40 SUMMARY OF CONCLUSIONS

41 The key conclusions offered by the 2015 U.S. government-specific findings include: As predicted, the gap between the need for qualified information security professionals and the supply is having a negative impact on U.S. government security readiness and is only getting worse. The U.S. government has spent a lot of time, money and effort on policies, programs and tools designed to improve its security posture, but thus far there has been little return on that investment. Although procurement and acquisition are cited as moments of great vulnerability, there remains very little focus on applying security during the supply chain process.

42 Questions?