Security Experts: Education, Certifications Aren't Keeping Up With The Times

As the security industry grapples with a growing talent shortage, security experts said education programs and current certifications aren't positioned in the most effective way to start closing that gap.

That gap is much worse than the tech industry as a whole and it's on the rise, experts agreed. One recent study by Frost & Sullivan found that 62 percent of the nearly 14,000 respondents didn't have enough security talent, up from 56 percent in 2013. The study predicted that the total gap between demand and available talent would be more than 1.5 million jobs by 2020.

Investment money is pouring into security in the wake of an onslaught of cybersecurity threats and, as a result, more universities and even high schools are starting to roll out focused degrees and programs.

[Related: Code Red: It's Time To Sound The Alarm On The Security Talent Shortage]

Sponsored post

"Security budgets are going up, which is because of these new threats that organizations are seeing," Gerry Grealish, chief marketing officer at McLean, Va.-based-based Perspecsys, said. "While traditional IT needs to be an area that people train in as well, I think you're seeing a specific investment in the security space because of the investment in that area [from businesses]."

The challenge with those programs is that they are very new and academia is traditionally slow to evolve, said Don Maclean, chief cybersecurity technologist at DLT Solutions, a Herndon, Va.-based solution provider that is No. 35 on CRN's 2015 Solution Provider 500 list. By contrast, the security market is evolving at breakneck speed.

"I think a lot of university programs in security are moving cautiously and slowly," Maclean said. "They tend to be a little bit behind the eight ball on technology."

As an example of the distance between academia and the day-to-day security market, Maclean spoke of a time when he had three employees working on a project, one with two master's degrees, one working on a master's degree and one with only a year of undergraduate college. Despite having drastically different levels of specialized education, Maclean said all were equally effective employees.

One way enterprises are helping bridge that gap is by forming partnerships with universities, such as Carnegie Mellon, and other education groups to focus on specific security areas, such as identity and access management, Grealish said. He said he sees more education groups embracing that sort of hands-on approach.

"It's helping bridge the gap between the theory of academia and the roll-up-the-sleeves operational issues that folks face when they get into the enterprise," Grealish said.

Some solution providers also are looking to transition and leverage the talents of computer science and engineering professionals to their security practice. Jonathan Grier, principal at Grier Forensics, said he sees that as the key to getting the high-skill security talent he needs, instead of a flood of new college graduates at the beginning of their careers.

For those already in the industry, security certifications are in the lead when it comes to high salaries, according to the 2015 IT Skills and Salary Survey by Global Knowledge. Four of the top five money-making certifications on the annual list were focused on security. Money aside, Maclean said security certifications have a long way to go to mirror what the industry needs from its talent.

"I think the context of a lot of these certification programs and masters programs need to be beefed up. I see that happening, but it needs to be more current," Maclean said.

What that means, Maclean said, is it's up to the vendors and solution providers to educate the next generation of talent that is clamoring to get into the hot security marketplace.

"I think part of my role is to get out there and evangelize for security," Maclean said. "I definitely think that, as the security vendor or solution provider develops technology that is security-oriented that may not have time to make it into a master's program or into a list of security certification questions, they should definitely be promulgating that, for their own sake to help their own product but also for the general good of the security community."

This article originally appeared as an exclusive on the CRN Tech News App for iOS and Windows 8.