Successfully reported this slideshow.
Your SlideShare is downloading. ×

LinkedIn Information Security Talent Pool Research - Black Hat CISO Summit 2015 version

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad

Check these out next

1 of 29 Ad
Advertisement

More Related Content

Viewers also liked (17)

Similar to LinkedIn Information Security Talent Pool Research - Black Hat CISO Summit 2015 version (20)

Advertisement

Recently uploaded (20)

LinkedIn Information Security Talent Pool Research - Black Hat CISO Summit 2015 version

  1. 1. Exploring the Security Talent Pool Cory Scott, Director - House Security, LinkedIn | @cory_scott
  2. 2. Introductions and Agenda • Exploring the Information Security Talent Pool • Survey the field • Evaluate demand by geography • Examine talent flows • Onramps to Security • Security Survival Rates • A peek into the CISO Suite
  3. 3. Surveying the Field Information Security Talent Pool Insights
  4. 4. Methodology • Using public profile data of LinkedIn’s member base, we extracted attributes such as: • Location • Education and Field of Study • Position attributes, such as: • Employer • Title (standardized) • Length of employment • Skills • Not survey data • Only as good as LinkedIn’s penetration into a given region • Some results are US, Canada, UK, India specific
  5. 5. How many InfoSec professionals are there? Where are they? 189,000 members in Information Security roles 20,000 are senior: director-level or above Country % of Global Talent Pool United States 47.32% United Kingdom 7.57% India 7.18% Canada 3.15% Australia 2.26% France 1.98% Italy 1.77% Netherlands 1.71% Spain 1.57% Germany 1.48% 10 Countries make up 75% of the talent pool
  6. 6. Top Regions Worldwide for InfoSec Talent 1. Washington D.C. Metro Area - 6% 2. Greater New York City Area - 3% 3. San Francisco Bay Area - 2.2% 4. London, United Kingdom - 1.7% 5. Greater Boston Area - 1.5% 6. Dallas/Fort Worth Area - 1.5% 7. Bengaluru Area, India - 1.4% 8. Greater Chicago Area - 1.4% 9. Greater Atlanta Area - 1.4% 10. Baltimore, Maryland Area - 1.2%
  7. 7. Top 10 InfoSec Regions in US compared to general population 1. Washington D.C. Metro Area (7th) 2. Greater New York City Area (1st) 3. San Francisco Bay Area (11th) 4. Greater Boston Area (10th) 5. Dallas/Fort Worth Area (4th) 6. Greater Chicago Area (3rd) 7. Greater Atlanta Area (9th) 8. Baltimore, Maryland Area (combined with DC - 7th) 9. Greater Seattle Area (15th) 10. Greater Los Angeles Area (2nd) Missing: ● Houston (5th) ● Philadelphia (6th) ● Miami (8th)
  8. 8. Evaluating Demand
  9. 9. Existing Talent Pool : New Demand Ratio : already employed in an infosec position in 2014 for a given country or region new job posting for infosec position in the given country or region for 2014
  10. 10. Employer Demand in relation to Country Talent Pool: 2014 High Demand United States - 4:3 Canada - 3:2 New Zealand - 3:1 Australia - 3:1 China - 4:1 United Kingdom - 5:1 Ireland - 5:1 Hong Kong - 5:1 India - 5:1 Singapore - 5:1 Low Demand Spain - 20:1 Mexico - 20:1 France - 25:1 South Africa - 25:1 Brazil - 33:1 UAE - 33:1 Italy - 50:1 Ratio is number of Information Security staff already employed in country compared to number of Information Security job postings in 2014.
  11. 11. Regions with High Demand in 2014 2:1 Greater Atlanta Area Dallas/Fort Worth Area Greater Los Angeles Area Ontario, Canada Greater Boston Area Greater Seattle Area Washington D.C. Metro Area Greater Chicago Area 1:1 San Francisco Bay Area British Columbia, Canada 6:5 Baltimore, Maryland Area 3:2 Greater New York City Area Ratio is number of Information Security staff already employed in region compared to number of Information Security job postings in 2014.
  12. 12. Regions with Low Demand in 2014 Ahmedabad Area, India - 100:1 Ottawa, Canada Area - 50:1 Montreal, Canada Area - 33:1 Pune Area, India - 20:1 Toronto, Canada Area - 14:1 Kitchener, Canada Area - 13:1 Milton Keynes, United Kingdom - 11:1 New Delhi Area, India - 11:1 Oxford, United Kingdom -10:1
  13. 13. Talent Flows
  14. 14. US Talent Migration 2013 -> 2015 Region Growth % Tampa/St. Petersburg, Florida 10.90% San Francisco Bay Area 7.50% Portland, Oregon 7.50% Houston, Texas 7.20% Austin, Texas 6.00% Charlotte, North Carolina 5.30% San Antonio, Texas 5.10% Greater Denver Area 4.70% Phoenix, Arizona 4.60% Dallas/Fort Worth, Texas 4.20% These regions managed not only to retain their existing information security staff, but attract talent from other regions in meaningful numbers. Miami is also on a good path to growth at 3.7%.
  15. 15. Region Growth % Little Rock, Arkansas -8.00% Albany, New York -7.30% Norfolk, Virginia -4.60% Rochester, New York -3.80% Albuquerque, New Mexico -2.50% Louisville, Kentucky -2.50% Providence, Rhode Island -1.80% Tucson, Arizona -1.40% Minneapolis-St. Paul, MN -1.10% Detroit, Michigan -1.00% US Talent Migration 2013 -> 2015 These regions are losing information security staff and failing to attract talent from other regions in meaningful numbers. There’s also stagnation in these regions: ● Chicago ● Philadelphia ● New York
  16. 16. Company Size / Title flows: 2013 -> 2015 • InfoSec talent is leaving larger companies to work for smaller ones. • Companies larger than 5000 employees have had net losses. • Smaller companies have had net gains. • Lots of people are becoming CISOs and managers! • There are 10.6% more CISOs in the past 2 years alone. • 6.3% more infosec managers • 8.2% shift to senior security consultants • Lots of people are leaving the network security track: 7% loss of network security engineers
  17. 17. Onramps to Security
  18. 18. InfoSec Higher Education 22,000 members have fields of study related to information security Where did they go after they got their degree? • 21% Infosec • 20% Development and QA • 19% Consulting • 15% IT and Operations • 11% Management (non-InfoSec or unspecified) • 5% Academia • 5% Internships • 4% Unknown
  19. 19. People with experience in technology are coming into InfoSec Engineering / Development 2000: 12.2% 2005: 16.4% 2010: 18.1% 2015: 24.7% Admin / Analyst / Operations 2000: 13.7% 2005: 16.2% 2010: 17.5% 2015: 23.3%
  20. 20. Where to find your next InfoSec hire Most common titles for members prior to entering InfoSec • network engineer • system administrator • system engineer • network administrator • information technology • senior network engineer • software engineer • information technology manager • senior system engineer • engineer
  21. 21. Field Survival
  22. 22. The average InfoSec position lasts 3.1 years. Greater than average • security manager • director information security • network security manager • information system security manager • information technology security officer • information technology security manager • chief information security officer • senior security manager • director information technology security • vice president information security Less than average • identity management consultant • security researcher • information assurance analyst • security consultant • network security consultant • security auditor • information security consultant • information assurance consultant • senior information assurance engineer • information assurance engineer
  23. 23. InfoSec Position Tenure by Industry Top 10 industries for longevity (between 3.6 and 4.2 years) • aviation and aerospace • military • primary/secondary education • wholesale • semiconductors • paper & forest products • printing • food production • chemicals • law enforcement Top 10 industries for lack of longevity (between 1.5 and 2.6 years) • staffing and recruiting • computer games • sports • internet • government relations • management consulting • computer & network security • maritime • wireless • civil engineering • computer software Other popular industries Below average • information technology & services Average or slightly above average • telecommunications • banking • financial services • defense & space • military
  24. 24. What about leaving the field altogether? Top 10 jobs most likely to be “last” InfoSec job • network security administrator • network security consultant • information assurance consultant • system security administrator • chief security • information risk manager • security administrator • security project manager • identity management consultant • security team lead Top 10 jobs least likely to leave InfoSec • penetration tester • senior information security engineer • information security architect • senior information technology security analyst • senior information security analyst • information security engineer • enterprise security architect • information security advisor • senior manager information security • information technology security architect
  25. 25. An analysis of Senior InfoSec talent Ascending the ranks
  26. 26. Background of Senior InfoSec Talent ~48% come from a technical background (eng / IT / ops / dev) Some popular non-technical fields that senior InfoSec talent come from: • Program and Project Management • Consulting • Sales • Research • Military and Protective Services • Finance • Education • Legal • Non-technical Operations • Business Support Roles
  27. 27. Want to be a senior infosec person? Pick up these skill clusters! Skill Clusters on LinkedIn and the % of Senior Information Security staff that have them ● Business - 77% ● IT Infrastructure and System Management -75% ● Finance - 26% ● Process and Project Management - 20% ● Management and Leadership - 19% ● Computer Network and Network Administration - 15% ● Medical - 11% ● Healthcare Management - 11% ● Law - 11% ● Risk Management - 9% ● Microsoft Windows Systems - 8%
  28. 28. CISO-specific data A CISO lasts, on average, 3.94 years in their position. Tenure varies significantly based on company size and industry. Company SIze Avg CISO Tenure 11-50 3.2 51-200 3.6 1001-5000 3.7 10001+ 4.4 It takes, on average, 13 years of work experience to become a CISO. To get a CISO position in a larger company, you need another year or two of experience on average.
  29. 29. CISO Tenure By Industry Industry Avg Tenure financial services accounting 4.3 insurance 4.3 financial services 4.2 investment management 4.1 banking 4.0 investment banking 3.2 medical and healthcare pharmaceuticals 4.0 hospital & health care 3.8 cosmetics 1.8 energy utilities 5.5 oil & energy 3.7 Industry Avg Tenure consumer retail 4.3 food & beverages 3.9 consumer goods 3.7 technology information technology and services 3.8 computer and network security 3.4 internet 3.0 computer software 2.8 Average tenure: 3.97 years

×