Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Leadership and ManagementCybersecurity News

Research Reveals Cybersecurity Profession at Risk

cyber5-900px.jpg
October 9, 2016

A study has revealed that nearly two-thirds (65%) of cybersecurity professionals struggle to define their career paths.

The study by the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) found two big “red flags”: The majority of cybersecurity professionals aren’t receiving the right level of skills development to address the rapidly evolving threat landscape. And the skills shortage has created a job market that represents an existential threat, adding job-related stress to cybersecurity personnel while making it harder for organizations to protect critical IT assets.

When it comes to the CISO, the research found that he or she succeeds or fails based upon leadership skills and face time with executive management and the board of directors. Also of concern is that cybersecurity relationships with business and IT groups need work.

“This research paints an escalating and dangerous game of cybersecurity ‘cat and mouse’ and today’s cybersecurity professionals reside on the front line of this perpetual battle, often knowing they are undermanned, underskilled and undersupported for the fight,” said Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group (ESG).

Based upon the data collected, “The State of Cyber Security Professional Careers (Part I): An Annual Research Project (Part I)” conclusions include:

  • Nearly two-thirds (65%) of respondents do not have a clearly-defined career path or plan to take their careers to the next level: This is likely due to the diversity of cybersecurity focus areas, the lack of a well-defined professional career development standard and map, and the rapid changes in the cyber security field itself.
  • Continuous cyber security training is lacking: When asked if their current employer provides the cybersecurity team with the right level of training to keep up with business and IT risk, more than half (56%) of survey respondents answered “no,” suggesting that their organizations needed to provide more or significantly more training for the cybersecurity staff.
  • Cyber security certifications are a mixed bag: Over half (56%) of survey respondents had received a CISSP and felt it was a valuable certification for getting a job and gaining useful cyber security knowledge. Other than the CISSP certification however, cybersecurity professionals appear lukewarm on other types of industry certifications. Based upon this data, it appears that security certifications should be encouraged for specific roles and responsibilities, but downplayed as part of a cybersecurity professional’s overall career and skills development.
  • Cybersecurity professionals are in extremely high demand. Forty-six percent (46%) of cybersecurity professionals are solicited to consider other cybersecurity jobs (i.e. at other organizations) at least once per week. In other words, cybersecurity skills are a “sellers’ market” where experienced professionals can easily find lucrative offers to leave one employer for another. This risk is especially high in lower paying industries like academia, health care, public sector, and retail.
  • Many CISOs are not getting enough face time in the boardroom, a significant contributing factor to CISO turnover. While industry rhetoric claims that “cyber security is a boardroom issue,” 44% of respondents believe that CISO participation with executive management is not at the right level today and should increase somewhat or significantly in the future. Alarmingly, this perspective is more common with more experienced cybersecurity managers (who should be working with the business) than cybersecurity staff members. When asked why CISOs tend to seek new jobs after a few short years, cybersecurity professionals responded that CISOs tend to move on when their organizations lack a serious cybersecurity culture (31%), when CISOs are not active participants with executives (30%), and when CISOs are offered higher compensation elsewhere (27%).
  • Internal relationships need work. While many organizations consider the relationship between cyber security, business, and IT teams to be good, it is concerning that 20% of cybersecurity professionals say the relationship between cybersecurity and IT is fair or poor (surprising given that 78% of cybersecurity professionals got their start in IT) and 27% of survey respondents claim the relationship between cybersecurity and the business is fair or poor. The biggest cybersecurity/IT relationship issue selected relates to prioritizing tasks between the two groups while the biggest cybersecurity/business relationship challenge is aligning goals.

“These conclusions point to the need for business, IT, and cybersecurity managers, academics, and public policy leaders to take note of today’s cybersecurity career morass and develop and promote more formal cybersecurity guidelines and frameworks that can guide cyber security professionals in their career development,” said Candy Alexander, CISO, ISSA Cyber Security Career Lifecycle (CSCL) Chair. “Independent organizations such as the ISSA with its Cyber Security Career Lifecycle (CSCL) are taking the lead on such initiatives. This research data will help the ISSA strengthen its groundbreaking program.”

The report also lays out the “Top 5 Research Implications for Cyber Security Professionals” as a guideline for taking control of the cyber security career lifecycle. Similarly, it lays out the “Top 5 Research Implications for Employers” to help businesses, non-profits, and government agencies appeal to cybersecurity professionals at large.

Added Oltsik, “In spite of these issues however, it is encouraging that 79% of survey respondents strongly agree or agree that they are happy as a cybersecurity professional. Together with a moral imperative that attracts people to the cybersecurity profession, this data point speaks volumes about cybersecurity professionals who are willing to passionately fight the good fight regardless of their personal situations.”

http://www.issa.org/?page=issaesg_survey

KEYWORDS: CISO cyber security cyber threats

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Security Leadership and Management
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Education & Training
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Survey Reveals Challenges Facing Cybersecurity Profession

    See More
  • cyber graphic

    57% of financial firms at risk of data breach due to mismanaged data

    See More
  • mobile

    Research reveals 50% of apps have security vulnerabilities

    See More

Related Products

See More Products
  • 1119490936.jpg

    Solving Cyber Risk: Protecting Your Company and Society

  • 9780367339456.jpg.jpg.jpg

    Cyber Strategy: Risk-Driven Security and Resiliency

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing