Your SlideShare is downloading. ×
Cyber security census_report
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Cyber security census_report


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. 1 August 5, 2013 Cyber Security Census Sponsored by:
  • 2. 2 Research Objectives 3 Today’s Cyber Security Professionals 4 What Cyber Professionals Want in Their Next Job 10 Who Are Tomorrow’s Cyber Security Professionals? 18 Recruitment and Retention 21 Table of Contents
  • 3. 3 Cyber security professionals are in high demand in numerous industries across the United States. The demand for cyber pros has grown more than 3.5 times faster than the demand for other IT jobs over the past five years and more than 12 times faster than the demand for all other non-IT jobs.* Estimated current staffing shortages are between 20,000 and 40,000 and are expected to continue for years to come.** To meet the current and future demand for cyber pros, today’s employers must better understand how to recruit and retain a qualified workforce. To facilitate this understanding, Semper Secure surveyed 500 cyber pros from 40 different industries across 43 states, the District of Columbia, and Puerto Rico. The resulting report:  Summarizes the origins and characteristics of today’s cyber pros  Outlines cyber pros’ career goals and aspirations  Recommends strategies for recruiting and retaining Research Objectives What motivates today’s cyber security professionals and how do we train and recruit the next generation? *Source: **Source:
  • 4. 4 Today’s Cyber Security ProfessionalsToday’s Cyber Security Professionals
  • 5. 5 $116K 5% 34% 44% 85% Who Are They? The typical cyber pro is well educated and well compensated Take Away: Demand > Supply Professional certification Bachelor’s degree Master’s degree Doctorate Do You Hold Any of the Following Academic Degrees in Computer Science, Mathematics, or Electrical Engineering?* CISSP: Certified Information Systems Security Professional CCNP: Cisco Certified Network Professional Security CEH: Certified Ethical Hacker Most Popular Certifications The average annual salary of today’s U.S. cyber pro ($55.77 per hour) *Respondents asked to select all that apply
  • 6. 6 1% 4% 4% 5% 8% 5% 7% 7% Utah Washington Colorado NY Texas Maryland D.C. Virginia California Where Are They? LOCATION Cyber pros contribute to numerous industries across the U.S. Take Away: Cyber pros are concentrated in CA and the D.C. metro area 4% 6% 6% 7% 8% 9% 11% 13% 14% 14% IT Biotechnology Financial Services Education Other Legal and Insurance Heath/Medical Services Defense/Aerospace Manufacturing Government 19% Greater D.C. metro area 19% INDUSTRY
  • 7. 7 Where Did They Come From? Cyber pros typically discover the field during their careers Take Away: Support educational programs to develop future employment pool When Did You First Become Interested in Cyber Security? Career A New Field One in four cyber pros (26%) have been working in the field for less than five years. Higher Education* 36%43% *Became interested in college or graduate school 21% Other
  • 8. 8 13% 18% 25% 27% 31% 39% 44% 56% Why Did They Stay? Today’s cyber pros have a genuine interest in their work; want engaging and meaningful careers Take Away: It’s not just a paycheck to cyber pros What Interests You the Most About the Cyber Security Profession?* Interesting, challenging work Important and meaningful work Love the technology Constant change/Dynamic industry Job security High salary and benefits Validates my talent and skill Opportunity to work with the best people Just one in four cite salary and benefits as a top interest *Respondents asked to select top three
  • 9. 9 What Do They Like? Cyber pros enjoy a variety of leisure pursuits Take Away: The cyber elite are people too Madden Football Reading Cooking Spending Time Outdoors Traveling Game of Thrones NCIS The Big Bang Theory CSI Super Mario Brothers Halo Call of Duty Pac-Man Non-Technology Activities Favorite TV Shows Favorite Video Games
  • 10. 10 What Cyber Professionals Want in Their Next Job
  • 11. 11 Catalysts for Change Cyber pros choose new employers for growth, money, and prestige Take Away: Provide opportunities so staff develops with you, not your competitors Top Reasons Cyber Pros Change Jobs: New job with greater growth opportunity New job with better total compensation New job with more prestige or at a better organization #1 #3 #2 Cyber security professionals are more loyal than you think. The majority (65%) have worked for two or fewer different organizations during their career.
  • 12. 12 Secure Growth What Do You Believe is The Next Step in Your Career?* Cyber pros look for career growth through new challenges and leadership opportunities Take Away: Create opportunities to keep staff challenged and engaged Take on more difficult challenges Continue same type of work in a different domain Assume responsibility for cyber and physical security Become a CIO/CISO Start own company/ consult Assume a leadership role 22%18%16%15%10%8% *Respondents asked to select only one
  • 13. 13 2% 4% 6% 6% 13% 14% 14% 16% 25% Cool Tech The technology is by far the most important part of a cyber pro’s job. Cool technology aside, cyber security professionals want to do work that makes a difference. Work flexibility (14%) is valued more than benefits and prestige. The technology Work is of national importance Control over my work and work environment Work flexibility/telecommuting opportunities Compensation Quality of my coworkers Benefits Prestige Convenience Cyber pros favor jobs that allow them to work with interesting technology Take Away: When recruiting, emphasize the technology What is Most Important to You About Your Job?* *Respondents asked to select only one
  • 14. 14 High Quality of Life 1. Flexible work arrangement (47%) 2. High total compensation (44%) 3. Training/education/career development (29%) 4. Being well respected/admired (28%) 5. Close relationships with people who share similar values (25%) 6. Substantial amount of vacation/time off (23%) 7. Low cost of living (21%) 7. Minimal traffic congestion (21%) 9. Access to outdoor recreation options (16%) 10. Access to cultural activities (11%) Make no mistake, the money still matters Take Away: Don’t miss on the money, but don’t forget the full picture What Aspects Are Most Important to Your Overall Quality of Life?* Flexible work arrangements (which 81% say their employer offers) and total compensation are key to cyber pros’ quality of life. Cost of living and traffic congestion are low priorities, which makes sense with much of the industry based in CA and D.C./VA. *Respondents asked to select top three
  • 15. 15 Integrity and Leadership Reputation for integrity; a code of honor Reputation as a leader in cyber security Known for addressing leading challenges in cyber security Relatively high compensation scale Expansive cyber security career opportunities Excellence of leadership Excellence of coworkers Today’s cyber pros want employers to demonstrate integrity, leadership Take Away: Nothing matters more than integrity 23% 30% 30% 31% 33% 34% 44% What Are the Most Important Attributes of an Ideal Cyber Security Employer?* *Respondents asked to select top three
  • 16. 16 33% 27% 12% 5% 23% Leading Locations California and Washington D.C. are clear leaders Take Away: Emphasize ties to Washington D.C., call out what differentiates VA One in three cyber pros view California as the center of cyber security innovation. But Washington D.C. is not far behind. Nearly half (44%) say the greater D.C./VA/MD area is the center of cyber security innovation. What State or Geographic Region Within the United States Would You Consider to be the Center of Cyber Security Innovation and/or Activity?* 44% D.C. Metro Area California Virginia Washington D.C. Maryland Other *Respondents asked to select only one
  • 17. 17 In a Perfect World, Everyone Works For Google Cyber pros favor Google, the Federal government, or self-employment Take Away: The Federal government is a desirable employer, focus on retention If You Could Work for Any Employer, Whom Would You Work For?* Google Federal government Self-employed Cisco Cyber pros view Symantec- Norton, IBM, McAfee, and Cisco as leading companies in the cyber security industry. *Respondents asked to write in a response #1 #2 #3 #4
  • 18. 18 Who Are Tomorrow’s Cyber Security Professionals?
  • 19. 19 Different Origins, Different Values How big of a driver are the tech toys? It depends on when you discovered the industry: 17% of those who found it during their career think the tech is cool 31% of those who found during some form of education think the tech is cool 43% of those who found it during grad school think the tech is cool Cyber pros who discover the industry during their careers and during their education value very different things Take Away: Know your audience – emphasize the tech when recruiting college grads, focus on importance of the work when developing/retraining staff from within #1 Work is of national importance The technology #2 Work flexibility and telecommuting opportunities Compensation #3 The technology Control over my work and work environment What is Most Important to You About Your Job? Those who discovered the industry in their career Those who discovered the industry in college
  • 20. 20 #1 Flex work arrangement Flex work arrangement High compensation #2 Training/ development High compensation Flex work arrangement #3 High compensation Training/ development Respect and admiration Different Roles, Different Goals Take Away: Understand the staffing role and tailor incentives accordingly Doers, managers, and entrepreneurs What is Your Ultimate Career Goal? Doers: Cyber security specialist Managers: Chief Information Security Officer Entrepreneurs: Start my own company/ consulting What is Most Important to Your Overall Quality of Life? Doers Managers Entrepreneurs Doers are also less likely than the others to have held more than two jobs or moved more than 250 miles for a new job.
  • 21. 21 Recruitment and Retention  Professional Development: Cyber security professionals want to be challenged and move up. Provide opportunities to develop your current employees so they do not become your future competition  Internal Recruitment: Exposure during one’s career is still the most common means of entering the cyber security field. Recruit and train internally to make current employees new cyber security professionals  External Recruitment: Focus external recruitment efforts on youth in college and graduate programs. Emphasize the technology to spark interest. Follow up with the perks: pay, flexibility, and job security  Support New Educational Programs: Foster interest in the field early on through tailored educational and work-study programs Maintain institutional knowledge, attract new recruits, and support educational programs to meet the growing need for cyber security professionals
  • 22. 22 The cyber security salary calculator generates a cyber pro’s expected salary based on their job title, years of experience within the cyber security field, geographic region, academic qualifications, and professional certifications. Use the calculator now: Cyber Calculator Expected salaries for cyber pros The equations that power the Cyber Security Salary Calculator draw on survey data collected from 500 cyber security professionals in May of 2013. The survey results have a margin of error of ± 4.33% at a 95% confidence level. Surveys were completed over the web through a link from a trusted source. Example One: Deputy CIO Deputy CIO/CTO/CISO 15-19 Years of Experience DC Metro Region Doctorate or Post-Doc Five or more Certifications Average Salary: Example Two: Mid-Level Cyber Pro Cyber Security Manager 5-9 Years of Experience California Bachelor’s Degree Two Certifications Average Salary: Example Three: Junior Cyber Pro Non-IT Management Less than 1 Year of Experience Minnesota Associate’s Degree Zero Certifications Average Salary: $142,826.30 $91,124.90$111,529.10
  • 23. 23 Methodology Gender: 81% Male 19% Female Cyber Security Professional Titles 29% CIO/CTO/CISO 2% Deputy CIO/CTO/CISO 22% IT Director/Supervisor 19% Cyber Security or Information Security Manager 3% Network Manager 1% Data Center Manager 4% Other IT Manager 20% Non-management IT MeriTalk surveyed 500 cyber security professionals in May 2013. Surveys were completed over the web through a link from a trusted source. The data has a margin of error of ± 4.33% at a 95% confidence level. 100% of respondents work in cyber security and information security
  • 24. 24 Semper Secure Board Members Jim Duffey, Chairman Secretary of Technology Commonwealth of Virginia Cameron Kilberg Assistant Secretary and Senior Policy Advisor Office of Virginia's Secretary of Technology Jeffrey Eisensmith Chief Information Security Officer Department of Homeland Security Michael Howell Roberta Stempfley Acting Assistant Secretary of the Office of Cybersecurity and Communications (CS&C) Department of Homeland Security Dr. Ernest McDuffie Lead National Initiative for Cyber Security Education David Ihrie Chief Technology Officer Center for Innovative Technology Jenny Menna Director, Stakeholder Engagement and Cyber Infrastructure Resilience Division Department of Homeland Security Major Linus Barloon II Chief, J3 Cyber Operations Division White House Communications Agency Robert Brese Chief Information Officer Department of Energy Diane Miller Director, InfoSec and Cyber Initiatives Northrop Grumman Lee Vorthman Manager, Cyber Security Lead NetApp David Stender Associate CIO for Cybersecurity and Chief Information Security Officer Internal Revenue Service Michael Watson Chief Information Security Officer Virginia Information Technologies Agency Michael Dent Chief Information Security Officer Fairfax County Government Kenneth Ball Dean, Volgenau School of Engineering George Mason University