Survey: People, Not Money, Are Key To Better Security
Security professionals believe one of the most effective ways to boost their systems’ safety has less to do with money and more to do with expanding their teams. Specifically, they’d rather have more experts than more technology. A survey by the IT security and compliance solutions provider Tripwire found that 44 percent wanted to up their skilled security staff, while only 32 percent preferred an increase in their budget. Another 24 percent wanted their board and/or key executives to buy into security goals and objectives. The survey was conducted among attendees at this year’s Black Hat conference. In an interview with Dice News, Tripwire CTO Dwayne Melancon said the desire for more security experts has increased significantly over the last five years. “One of the reasons we’ve asked this at every single Black Hat conference is that we consistently hear people complain about the lack of security professionals with the right skills,” he told us. Companies, he says, want to find people who can think end-to-end security. However, the current reality is most security professionals are great at one or another aspect of the problem, such as firmware or application security, for instance. “People don’t know how to look at the big picture when it comes to security,” Melancon believes. “It’s not enough to say how to code more securely or secure a Web server.” Instead, the challenge lies in putting systems together in a secure way. Another challenge Melancon sees is that there are few in the sector with hands-on experience, and that the industry is in desperate need of an apprenticeship-type model to bring the next generation of security professionals up to the task. “This isn’t something that you can get from a Web course,” he says. In the past five years, the demand for cyber security professionals has increased 3.5 times faster than computer jobs in general, and 12 times faster than the national labor market, according to Burning Glass Technologies. On average, cyber security jobs pay a premium of almost $12,000 more than computer jobs overall.