1. Session ID:
Session Classification:
PROF-M01
General Interest
Frost & Sullivan
Gay Beach

2. Who expressed more concern?
• C-Levels over rank & file
• Large over small companies
• Developing over developed
countries
• More info sec workers
certified in developed (71%
CISSP) vs. developing (42%
CISSP) countries
Concern also varies by industry
vertical
• Most concerned about hackers,
hactivists, and organized crime:
Banking, Insurance, and Finance
• Most concerned about state-
sponsored acts and cyber
terrorism: Government

3. Across categories, higher
priorities by respondents in:
• Larger businesses
• Developing countries
90% Banking, Insurance, &
Finance
84% each Healthcare and
Banking, Insurance, & Finance
82% Telecom & Media
85% Healthcare

4. ►

5. ►
►
►
Less than 20% of respondents are
directly engaged in software
development, procurement, &
outsourcing.
Plus, formal training is very low:
just 1% of respondents have
acquired Certified Secure Software
Lifecycle Professional (CSSLP®)
certification.

6. Limited control;
Users “find” ways to get in
and 53% of respondents state
user-owned devices allowed in.
Moderate control;
Cloud adoption is a company
decision.
Choose use and cloud type
based on risk assessment.
Stronger control;
“Been there, done that” in
managing electronic
communication risks
(email, IM, & Web).

8. Private cloud
computing services
have least risk and
uncertainty.
Reflective of the ambiguity and non-
standardization of cloud services,
skill development is driven to the
basics: “understanding”.
Nearly 90% of all survey respondents
selected “How security applies to
the cloud” as an area of skill
development.

9. Security profession’s justifiable and pragmatic
approach: use what is already available and
working before investing in new.

10. ►
Relatively more optimistic on preparedness: Those with security certifications,
C-Levels, large companies, and battle-tested industries (e.g., Banking,
Insurance, and Finance).

11. Topping the list of “within a day”
• 34% of respondents in Banking,
Insurance, and Finance
• 32% or respondents in Info Tech
• 31% each: C-Levels and
respondents in small businesses
Not so knowledgeable on
preparedness, topping the list of
“don’t know”
• 20% each: respondents
employed in Construction and
Utilities industries
• 19%: respondents in Retail &
Wholesale

12. Because
47% selected
Security Analyst
as being in short
supply
Greatest impact
on existing
information
security
workforce
30% expect
spending on
info. security
personnel to
increase over
next 12
months; 28%
on training and
education

13. Human tops
products in
importance
Human aspects:
Nurture both
people and
relationships
Products: Buy
and deploy

14. The best of these
two technologies
narrow the field of
threats so security
analysts can
concentrate on the
most challenging and
complex incidents
and warnings.

15. ►
Ranks of information security professionals have grown substantially even
during harsh economic times.
The long-standing contributors of more business operations occurring over
networks, public and private, and a motivated, organized, and diverse
assortment of threat actors are non-reversing trends.

16. Near identical results
in two surveys, two
years apart, attests to
stability of information
security careers.

17. Broaden and deepen
security expertise and
polish communication
skills
Get your security
diploma

18. Majority of non-members hold (ISC)2
Membership in Extremely Critical or Critical
Importance
Non-Member – 51%
(ISC)2 Members – 74%