RSAC - Risks related to Shortage of IT Security professionals
Corporate Security must implement a blend of "technology" and "people" solutions, to safeguard information resources. While the best technical defenses are always required, users are a vital part of the equation. Otherwise, attackers will eventually learn enough to bypass physical, technical, or user based controls. As evident in recent attacks, the highly advanced skills and methods of attackers can often defeat defenses in even major corporations. Security requires a continuous improvement approach in attempts to be one step ahead of attackers. A shortage of experienced IT experts is cited as a key corporate and even national risk.
QUOTE: Your castle is under attack, but nearly half of your defenders and over half of their commanders are missing in action. OK, there's no castle, but in the war between business and the malware ecosystem, a vast number of defensive positions remain unfilled. At the RSA Conference, Art Gilliland, SVP and general manager, Enterprise Security Products for HP, explained just what HP is doing to fill this security gap.
Security Gap - "The bad guys are so effective because there's a massive gap in the number of skilled IT security people," said Gilliland. "We researched it, we looked at the job environment with Ponemon. 40 percent of essential IT security jobs go unfilled; it's a huge gap. Trying to fight this well-financed adversary, well, if you don't have the skills, you lose. We see that happening. "We're putting our money where it matters," said Gilliland. "We've allocated a quarter million dollars towards scholarships for women studying IT security. And we're investing in the industry in general by helping universities develop a practical IT security curriculum