Cyber Security Census
August 5, 2013
Nov 01, 2014
Table of Contents
Research Objectives
Today’s Cyber Security Professionals
What Cyber Professionals Want in Their Next Job
Who Are Tomorrow’s Cyber Security Professionals?
Recruitment and Retention
Research Objectives
What motivates today’s cyber security professionals and how do we train and recruit the next generation?
Cyber security professionals are in high demand in numerous industries across
the United States. The demand for cyber pros has grown more than 3.5 times
faster than the demand for other IT jobs over the past five years and more
than 12 times faster than the demand for all other non-IT jobs.* Estimated
current staffing shortages are between 20,000 and 40,000 and are expected to
continue for years to come.**
To meet the current and future demand for cyber pros, today’s employers
must better understand how to recruit and retain a qualified workforce.
To facilitate this understanding, Semper Secure surveyed 500 cyber pros from
40 different industries across 43 states, the District of Columbia, and Puerto
Rico. The resulting report:
Summarizes the origins and characteristics of today’s cyber pros
Outlines cyber pros’ career goals and aspirations
Recommends strategies for recruiting and retaining
*Source: http://www.pkware.com/Blog/2013/03/12/shortage-of-it-security-professionals-could-comprise-companies-network-security
**Source: http://www.reuters.com/article/2012/06/12/us-media-tech-summit-symantec-idUSBRE85B1E220120612
Today’s Cyber Security Professionals
Who Are They? The typical cyber pro is well educated and well compensated
Take Away: Demand > Supply
$116K: The average annual salary of today’s U.S. cyber pro ($55.77 per hour)
Do You Hold Any of the Following Academic Degrees in Computer Science, Mathematics, or Electrical Engineering?*
Professional certification: 85%
Bachelor’s degree: 44%
Master’s degree: 34%
Doctorate: 5%
*Respondents asked to select all that apply
Most Popular Certifications
CISSP: Certified Information Systems Security Professional
CCNP: Cisco Certified Network Professional Security
CEH: Certified Ethical Hacker
Where Are They? Cyber pros contribute to numerous industries across the U.S.
Take Away: Cyber pros are concentrated in CA and the D.C. metro area
LOCATION
Utah: 1%
Washington: 4%
Colorado: 4%
NY: 5%
Texas: 8%
Maryland: 5%
D.C.: 7%
Virginia: 7%
California: 19%
Greater D.C. metro area: 19%
INDUSTRY
Industries charted: IT, Biotechnology, Financial Services, Education, Other, Legal and Insurance, Health/Medical Services, Defense/Aerospace, Manufacturing, Government
Shares charted: 4%, 6%, 6%, 7%, 8%, 9%, 11%, 13%, 14%, 14%
Where Did They Come From? Cyber pros typically discover the field during their careers
Take Away: Support educational programs to develop future employment pool
When Did You First Become Interested in Cyber Security?
Career: 43%
Higher Education*: 36%
Other: 21%
*Became interested in college or graduate school
A New Field
One in four cyber pros (26%) have been working in the field for less than five years.
Why Did They Stay? Today’s cyber pros have a genuine interest in their work; want engaging and meaningful careers
Take Away: It’s not just a paycheck to cyber pros
What Interests You the Most About the Cyber Security Profession?*
Interesting, challenging work: 56%
Important and meaningful work: 44%
Love the technology: 39%
Constant change/Dynamic industry: 31%
Job security: 27%
High salary and benefits: 25%
Validates my talent and skill: 18%
Opportunity to work with the best people: 13%
*Respondents asked to select top three
Just one in four cite salary and benefits as a top interest
What Do They Like? Cyber pros enjoy a variety of leisure pursuits
Take Away: The cyber elite are people too
Non-Technology Activities: Reading, Cooking, Spending Time Outdoors, Traveling
Favorite TV Shows: Game of Thrones, NCIS, The Big Bang Theory, CSI
Favorite Video Games: Madden Football, Super Mario Brothers, Halo, Call of Duty, Pac-Man
What Cyber Professionals Want in Their Next Job
Catalysts for Change
Cyber pros choose new employers for growth, money, and prestige
Take Away: Provide opportunities so staff develops with you, not your competitors
Top Reasons Cyber Pros Change Jobs:
New job with greater growth opportunity
New job with better total compensation
New job with more prestige or at a better organization
Cyber security professionals are more loyal than you think.
The majority (65%) have worked for two or fewer different organizations during their career.
Secure Growth
Cyber pros look for career growth through new challenges and leadership opportunities
Take Away: Create opportunities to keep staff challenged and engaged
What Do You Believe is The Next Step in Your Career?*
Take on more difficult challenges
Continue same type of work in a different domain
Assume responsibility for cyber and physical security
Become a CIO/CISO
Start own company/consult
Assume a leadership role
22% 18% 16% 15% 10% 8%
*Respondents asked to select only one
Cool Tech
Cyber pros favor jobs that allow them to work with interesting technology
Take Away: When recruiting, emphasize the technology
What is Most Important to You About Your Job?*
The technology: 25%
Work is of national importance: 16%
Control over my work and work environment: 14%
Work flexibility/telecommuting opportunities: 14%
Compensation: 13%
Quality of my coworkers: 6%
Benefits: 6%
Prestige: 4%
Convenience: 2%
*Respondents asked to select only one
The technology is by far the most important part of a cyber pro’s job.
Cool technology aside, cyber security professionals want to do work that makes a difference.
Work flexibility (14%) is valued more than benefits and prestige.
High Quality of Life
Make no mistake, the money still matters
Take Away: Don’t miss on the money, but don’t forget the full picture
What Aspects Are Most Important to Your Overall Quality of Life?*
1. Flexible work arrangement (47%)
2. High total compensation (44%)
3. Training/education/career development (29%)
4. Being well respected/admired (28%)
5. Close relationships with people who share similar values (25%)
6. Substantial amount of vacation/time off (23%)
7. Low cost of living (21%)
7. Minimal traffic congestion (21%)
9. Access to outdoor recreation options (16%)
10. Access to cultural activities (11%)
*Respondents asked to select top three
Flexible work arrangements (which 81% say their employer offers) and total compensation are key to cyber pros’ quality of life.
Cost of living and traffic congestion are low priorities, which makes sense with much of the industry based in CA and D.C./VA.
Integrity and Leadership
Today’s cyber pros want employers to demonstrate integrity, leadership
Take Away: Nothing matters more than integrity
What Are the Most Important Attributes of an Ideal Cyber Security Employer?*
Reputation for integrity; a code of honor: 44%
Reputation as a leader in cyber security: 34%
Known for addressing leading challenges in cyber security: 33%
Relatively high compensation scale: 31%
Expansive cyber security career opportunities: 30%
Excellence of leadership: 30%
Excellence of coworkers: 23%
*Respondents asked to select top three
Leading Locations
California and Washington D.C. are clear leaders
Take Away: Emphasize ties to Washington D.C., call out what differentiates VA
What State or Geographic Region Within the United States Would You Consider to be the Center of Cyber Security Innovation and/or Activity?*
California: 33%
D.C. Metro Area: 44%
Virginia: 27%
Washington D.C.: 12%
Maryland: 5%
Other: 23%
*Respondents asked to select only one
One in three cyber pros view California as the center of cyber security innovation.
But Washington D.C. is not far behind. Nearly half (44%) say the greater D.C./VA/MD area is the center of cyber security innovation.
In a Perfect World, Everyone Works For Google
Cyber pros favor Google, the Federal government, or self-employment
Take Away: The Federal government is a desirable employer, focus on retention
If You Could Work for Any Employer, Whom Would You Work For?*
Federal government
Self-employed
Cisco
*Respondents asked to write in a response
Cyber pros view Symantec-Norton, IBM, McAfee, and Cisco as leading companies in the cyber security industry.
Who Are Tomorrow’s Cyber Security Professionals?
Different Origins, Different Values
Cyber pros who discover the industry during their careers and during their education value very different things
Take Away: Know your audience – emphasize the tech when recruiting college grads, focus on importance of the work when developing/retraining staff from within
How big of a driver are the tech toys? It depends on when you discovered the industry:
17% of those who found it during their career think the tech is cool
31% of those who found it during some form of education think the tech is cool
43% of those who found it during grad school think the tech is cool
What is Most Important to You About Your Job?
Those who discovered the industry in their career:
#1 Work is of national importance
#2 Work flexibility and telecommuting opportunities
#3 The technology
Those who discovered the industry in college:
#1 The technology
#2 Compensation
#3 Control over my work and work environment
Different Roles, Different Goals
Doers, managers, and entrepreneurs
Take Away: Understand the staffing role and tailor incentives accordingly
What is Your Ultimate Career Goal?
Doers: Cyber security specialist
Managers: Chief Information Security Officer
Entrepreneurs: Start my own company/consulting
What is Most Important to Your Overall Quality of Life?
Doers:
#1 Flex work arrangement
#2 Training/development
#3 High compensation
Managers:
#1 Flex work arrangement
#2 High compensation
#3 Training/development
Entrepreneurs:
#1 High compensation
#2 Flex work arrangement
#3 Respect and admiration
Doers are also less likely than the others to have held more than two jobs or moved more than 250 miles for a new job.
Recruitment and Retention
Professional Development: Cyber security professionals want to be challenged and move up. Provide opportunities to develop your current employees so they do not become your future competition
Internal Recruitment: Exposure during one’s career is still the most common means of entering the cyber security field. Recruit and train internally to make current employees new cyber security professionals
External Recruitment: Focus external recruitment efforts on youth in college and graduate programs. Emphasize the technology to spark interest. Follow up with the perks: pay, flexibility, and job security
Support New Educational Programs: Foster interest in the field early on through tailored educational and work-study programs
Maintain institutional knowledge, attract new recruits, and support educational programs to meet the growing need for cyber security professionals
Cyber Calculator
Expected salaries for cyber pros
The cyber security salary calculator generates a cyber pro’s expected salary based on their job title, years of experience within the cyber security field, geographic region, academic qualifications, and professional certifications. Use the calculator now: www.meritalk.com/csx/calculator
The equations that power the Cyber Security Salary Calculator draw on survey data collected from 500 cyber security professionals in May of 2013. The survey results have a margin of error of ± 4.33% at a 95% confidence level. Surveys were completed over the web through a link from a trusted source.
Example One: Deputy CIO
Deputy CIO/CTO/CISO; 15-19 Years of Experience; DC Metro Region; Doctorate or Post-Doc; Five or more Certifications
Example Two: Mid-Level Cyber Pro
Cyber Security Manager; 5-9 Years of Experience; California; Bachelor’s Degree; Two Certifications
Example Three: Junior Cyber Pro
Non-IT Management; Less than 1 Year of Experience; Minnesota; Associate’s Degree; Zero Certifications
Average Salary (three values shown on the slide): $142,826.30, $91,124.90, $111,529.10
Methodology
Gender:
81% Male
19% Female
Cyber Security Professional Titles
29% CIO/CTO/CISO
2% Deputy CIO/CTO/CISO
22% IT Director/Supervisor
19% Cyber Security or Information Security Manager
3% Network Manager
1% Data Center Manager
4% Other IT Manager
20% Non-management IT
MeriTalk surveyed 500 cyber security professionals in May 2013. Surveys were completed over the web through a link from a trusted source. The data has a margin of error of ± 4.33% at a 95% confidence level.
100% of respondents work in cyber security and information security
Semper Secure Board Members
Jim Duffey, Chairman, Secretary of Technology, Commonwealth of Virginia
Cameron Kilberg, Assistant Secretary and Senior Policy Advisor, Office of Virginia's Secretary of Technology
Jeffrey Eisensmith, Chief Information Security Officer, Department of Homeland Security
Michael Howell
Roberta Stempfley, Acting Assistant Secretary of the Office of Cybersecurity and Communications (CS&C), Department of Homeland Security
Dr. Ernest McDuffie, Lead, National Initiative for Cyber Security Education
David Ihrie, Chief Technology Officer, Center for Innovative Technology
Jenny Menna, Director, Stakeholder Engagement and Cyber Infrastructure Resilience Division, Department of Homeland Security
Major Linus Barloon II, Chief, J3 Cyber Operations Division, White House Communications Agency
Robert Brese, Chief Information Officer, Department of Energy
Diane Miller, Director, InfoSec and Cyber Initiatives, Northrop Grumman
Lee Vorthman, Manager, Cyber Security Lead, NetApp
David Stender, Associate CIO for Cybersecurity and Chief Information Security Officer, Internal Revenue Service
Michael Watson, Chief Information Security Officer, Virginia Information Technologies Agency
Michael Dent, Chief Information Security Officer, Fairfax County Government
Kenneth Ball, Dean, Volgenau School of Engineering, George Mason University