2021 EDSIG Proceedings: Abstract Presentation

Securing a Security Job

Janos Fustos
Metropolitan State University of Denver

Abstract
It is hard to find a definition for “security professional”. Some experts and different organizations define them based on the certificates they have or the degrees they’ve completed. While the United States is still experiencing relatively high unemployment (still well above the pre-pandemic levels), demand for workforce that is working in security related areas remains strong. On November 16, 2020, NICE (National Initiative for Cybersecurity Education) released the NIST SP 800-181 Revision 1, the Workforce Framework for Cybersecurity. The accompanied supplemental document listed 30+ specialty areas and identified and described 50+ roles in computer- and cybersecurity fields. Based on professional estimates originating from advisory firms and service providers there were 3.5 million unfilled positions globally in February 2021. To determine what skills employers are looking for as they advertise for jobs, data was collected and analyzed from 1000+ nationwide job advertisements. Requested skills were then grouped into related categories and summarized. The most frequently requested skills are identified and discussed. The authors also collected data regarding the education level and certifications requested. The developed tables contain a variety of information for faculty who are teaching and developing courses or curricula in the information security/cybersecurity area. Sometimes students do not see the value of what may appear to them as just a theoretical topic, yet it clearly has practical applications. In positions seeking security professionals it is interesting to note that 50% or less of the listed skill sets and detailed descriptions refer directly to security related areas. The requests for these other fields demonstrate that our students, future employees of these companies, will typically have to have multiple areas of expertise. Another interesting point is that employer expectations in certain areas can be quite high in terms of practical skills and technical proficiencies. Information systems, computer science, information technology, and cyber security students can take heart from the collected data, which also shows that a degree is important to employers. They may not be as happy to see the number of companies requesting certificates and many of these are requests for the higher-level certificates! The results can be used to modify existing courses/curriculum to better prepare students to obtain positions and be successful as security professionals.