1 / 148

(ISC) 2 2015 Global Workforce Study Results Overview

This report presents the results of the (ISC)2 Global Workforce Study in the Europe, Middle East, and Africa region, providing insights into key trends and issues in the information security profession. The study aims to understand certification, training, and education requirements, identify potential gaps in organizational security, and forecast future job positions in the next 3 to 5 years.

johnf
Download Presentation

(ISC) 2 2015 Global Workforce Study Results Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. (ISC)2 2015 Global Workforce Study ResultsOverview Regional Report: Europe, Middle East & Africa March 23, 2015

  2. Project Background and Objectives

  3. Research Background and Objectives • Background • The information security profession continues to undergo shifts as a result of constantly changing regulatory environment and increasingly sophisticated and emerging new threats. (ISC)2 has committed itself to maintaining its leadership role and growing its membership base in key geographic regions in which it is currently under represented. • Study Objectives • To obtain feedback from the (ISC)2 members regarding certification, training and educational requirements for their organizations and their professional development. • To identify trends and issues related to information security from both members and non-member security professionals. • To understand potential gaps in organizational security. • To forecast what positions will be most highly sought after in the next 3 to 5 years.

  4. Methods

  5. Methods: (ISC)2 Members Survey • Conducted using an on-line web based survey using the (ISC)2 membership list. • Email invitations to complete the survey were sent out to (ISC)2 members between October 2014 and January 2015. • Respondents are currently employed directly by a company or organization, employed as a contractor or work as an independent security consultant. • A total of 11,208 (ISC)2 members were surveyed between October 2014 and January 2015.

  6. Methods: (ISC)2 Members Survey (Continued) • Sample Size • Care was taken to ensure that the sample taken from the (ISC)2 membership is representative of the current (ISC)2 membership. • An analysis of the (ISC)2 membership list by country population proportions was undertaken and compared to country level sample sizes for the (ISC)2 membership survey. The sample sizes by country are representative of the total population proportions by country. • Technical Note • The sample in this study is not designed to reflect the universe of all public and private organizations for security professionals, and the results should not be projected across the entire population. Note: Due to rounding errors, percentages in charts and tables, may not sum to 100.

  7. Methods: (ISC)2 Members Survey (Continued) • A total of 11,208 (ISC)2 members were surveyed between October 2014 and January 2015 by Frost & Sullivan. The table below shows the sample size by region.

  8. Methods: Non-Members Survey • Respondents had the following roles and responsibilities related to IT security: • Hire or manage IT security professionals and look for security related credentials in their candidates • Provide input to IT security-related policies and procedures, or execute their companies IT security related policies and procedures • Hold security related credentials or a member of a security-related organization excluding (ISC)2 • A total of 2,722 non-members were surveyed between October 2014 and January 2015 by Frost & Sullivan.

  9. Methods: Non-Members Survey (Continued) • A total of 2,722 non-members were surveyed between October 2014 and January 2015 by Frost & Sullivan. The table below shows the sample size by region.

  10. Respondent Profile

  11. Job Function Q1a. Which of the following most closely represents your present job function? Information security professional is the most common job function globally, and the largest proportion from across EMEA identify this role as their primary job function. Base: All 2015 worldwide respondents (n=13,930). `

  12. Job Title Q7c. Which one of the following job titles or categories best describes your current position? While globally security analysts and security consultants are equally common, in EMEA the security consultant job title is most common. This trend is driven by the UK, where this title is more than twice as common than any others. Base: All 2015 worldwide respondents (n=13,930).

  13. Satisfaction With Current Position Q10c. Overall, how satisfied are you in your current position? Overall, satisfaction levels are relatively consistent throughout EMEA, with France more likely to report that they are somewhat satisfied and less likely to be very satisfied compared with other countries in the region. Base: All 2015 worldwide respondents (n=13,930).

  14. Professional Area Q8. Would you consider yourself to be a professional in any of the following areas? Please select all that apply to you. Globally, information security is the most commonly reported professional area. The trend is slightly less common in Germany, where professionals are less likely to report that they work in information security. Base: All 2015 worldwide respondents (n=13,930). `

  15. Professional Activities Q9a. Which of the following activities consume a significant amount of your time? Please select all that apply to you. EMEA professionals are equally likely to engage in GRC and security management activities, while GRC activities are more common globally. Base: All 2015 worldwide respondents (n=13,930). `

  16. GRC Activities Q9b. Which of the following GRC activities consume a significant amount of your time? Please select all that apply to you. Base: Filtered respondents (n=6,975).

  17. Security Leadership Activities Q9c. Which of the following security leadership activities consume a significant amount of your time? Please select all that apply to you. Base: Respondents involved in security leadership activities (n=4,074).

  18. Security Management Activities Q9d. Which of the following security management activities consume a significant amount of your time? Please select all that apply to you. Base: Filtered respondent (n=6,334).

  19. Security Operations Activities Q9e. Which of the following security operations activities consume a significant amount of your time? Please select all that apply to you. Base: Respondents involved in security operations activities (n=5,895).

  20. Incident Response Activities Q9f. Which of the following incident response activities consume a significant amount of your time? Please select all that apply to you. Base: Respondents involved in incident response activities (n=5,895).

  21. New Research Technology Activities Q9g. Which of the following new technology research activities consume a significant amount of your time? Please select all that apply to you. Base: Respondents involved in new technology research activities (n=4,474).

  22. Current Primary Responsibility Q7a. Which one of the following best describes your current primary functional responsibility? Globally, professionals are equally likely to be primarily responsible for managerial, consulting or operational duties, however professionals in EMEA lean more heavily toward security consulting. Base: All 2015 worldwide respondents (n=13,930).

  23. Future Primary Responsibility Q7b. Which one of the following best describes what you expect your primary functional responsibility to be in the next two to three years? Professionals in EMEA expect to transition into managerial roles or stay in their security consulting roles. Base: All 2015 worldwide respondents (n=13,930).

  24. Reporting Structure Q10a. Which one functional area of your organization do you primarily report to? Across EMEA, most report to the IT department or executive management. Base: All 2015 worldwide respondents (n=13,930).

  25. C-Level Reporting Q10b. Which C-level executive do you primarily report to? Among those who report to a C-level manager, most report to a CIO. This is particularly common in South Africa. Base: Filtered respondents (n=3,102).

  26. Years of Experience Q6. How many years have you been actively involved with information or IT security? The largest proportion indicate that they have between 11 and 15 years of experience. Base: All 2015 worldwide respondents (n=13,930).

  27. Industry Q4a. Which one of the following industry sectors best describes your company? Information technology and professional services are the most common industries in EMEA. Base: All 2015 worldwide respondents (n=13,930).

  28. Government Professional Services Q4b. Are you providing professional services exclusively to government? The prevalence of respondents who provide professional services exclusively to the government is the highest in the Middle East. Base: Filtered respondents (n=2,067).

  29. Government Contractor Q5a. Are you currently employed as a government contractor? The numbers reporting that they are a government contractor are considerably lower in EMEA compared to global levels. Base: Filtered respondents (n=3,047).

  30. Government Organization Q5b. Which of the following best describes the government organization for which you currently work? In Germany, those who work for the government are most commonly involved in national defense. This trend does not apply in other EMEA regions. Base: Filtered respondents (n=3,047).

  31. Employment Status Q2. Which of the following best describes your employment status? Most in EMEA are employed directly by a company or organization. Base: All 2015 worldwide respondents (n=13,930)

  32. Organizational Revenue Q62. What is your organization's global annual revenue? As best you can, please provide the total annual revenues for your organization in U.S. dollars. Overall, the largest proportion are unable to provide their organizational revenues. Base: All 2015 worldwide respondents (n=13,930)

  33. Total Employees Q17. What is the total number of employees across your entire organization worldwide, including all of its branches, divisions, and subsidiaries? The largest proportion of respondents work for large organizations with 10,000 or more employees. Base: All 2015 worldwide respondents (n=13,930)

  34. Age Q64. Which of the following categories contains your age? The numbers reporting that they are a government contractor are considerably lower in EMEA compared to global levels. Base: All 2015 worldwide respondents (n=13,930)

  35. Gender Q63. What is your gender? Across the EMEA region, the profession is overwhelmingly male-dominated. Base: All 2015 worldwide respondents (n=13,930)

  36. Salary Change Q67. Did you receive a salary increase, including benefits and incentives, in 2014? The majority received a salary increase in 2014, including 47% of South Africans whose salary increase exceeded 5%. Base: All 2015 worldwide respondents (n=13,930)

  37. Change in Employment Status Q68. Did you change your employer or employment status in 2014? Base: All 2015 worldwide respondents (n=13,930)

  38. Education Q65a. What is your highest level of education completed? Base: All 2015 worldwide respondents (n=13,930)

  39. Undergraduate Major Q65b. What was your undergraduate major? Base: Filtered respondents (n=12,512).

  40. Hiring and Workforce Issues

  41. Hiring Q19a. Are you responsible for hiring your organization's information security staff? More Middle Eastern respondents are responsible for hiring than their regional counters counterparts. Base: All 2015 worldwide respondents (n=13,930)

  42. Important Skills Q19b. When making hiring decisions for information security staff how important is each of the following? - Top two box scores Across the EMEA region, relevant experience is the most important skill sought in new hires, however security certifications take on special importance in South Africa and the Middle East. Base: Filtered respondents (n=12,512).

  43. Require Security Certifications Among Staff Q20a. Does your organization require its IT staff to have information security certifications? French firms are by far the least likely to require a security certification among their staff, and the EMEA region generally is less likely to require them. Base: All 2015 worldwide respondents (n=13,930)

  44. Reasons For Requiring Staff to Hold Security Certifications Q20b. What are all the reasons your organization requires staff to have information security certifications? Select as many as apply. Among those who require a security certification, employee competence is the most commonly cited reason in most areas of the EMEA region, however Middle Eastern professionals are more likely to cite quality of work. Base: Filtered respondents (n=5,946):

  45. Factors Contributing to Success Q21. How would you rate the importance of each of the following in contributing to being a successful information security professional? - Top two box scores Consistently in all countries, communication skills, a broad understanding of the security field and an awareness of the latest security threats are the most important skills. Base: All 2015 worldwide respondents (n=13,930)

  46. Employment Gaps Q22. Thinking of your organization, at what experience level is there the most demand for new hires? Across the EMEA region, entry level positions are in highest demand. Base: All 2015 worldwide respondents (n=13,930)

  47. Demand for Training and Education Q23. In which areas of information security do you see growing demand for training and education within the next three years? Select as many as apply. In most regions in the EMEA region, cloud computing is the area requiring the most training and education, however in the UK, South Africa and the Middle East, training on BYOD is ranked a close second. Base: Filtered respondents (n=7,985).

  48. Significant Skills for Achieving Success Q24. How significant were each of the following skills and competencies in information security in achieving your current position or level? - Top two box scores Communication skills are the most important for achieving success in all regions, followed by analytical skills and risk assessment and management skills. Base: Filtered respondents (n=7,985).

  49. Future Skills and Competencies Q25. What are the skills and competencies that you will need to acquire or strengthen to be in position to respond to the threat landscape over the next three years? Select all that apply. Risk assessment and management ranks as the top overall future skill among professionals in the EMEA. Generally, professionals in the Middle East and South Africa are more likely to place emphasis on any given skill or competency. Base: Filtered respondents (n=7,985).

  50. Future Skills and Competencies in New Recruits Q26. How important are each of the following skills and competencies when recruiting new entry to mid-level information security professionals to your organization? - Top two box scores Communication skills and analytical skills are nearly unanimously seen as important skills in new recruits. Base: Filtered respondents (n=7,534)

More Related